Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
In Perfex Crm < 3.2.1, an authenticated attacker can send a crafted HTTP POST request to the affected upload_sales_file endpoint. By providing malicious input in the rel_id parameter, combined with im
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'name' and 'address
A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Conte
A vulnerability was found in Perfex CRM 3.1.6. It has been declared as problematic. This vulnerability affects unknown code of the file application/controllers/Clients.php of the component Parameter H
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'name' and 'clienti
A vulnerability has been found in CodeCanyon Perfex CRM up to 3.2.1 and classified as problematic. This vulnerability affects unknown code of the file /contract of the component Contracts. The manipul
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'name' at the endpoi
A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. The manip
A vulnerability was found in CodeCanyon Perfex CRM 3.2.1. It has been classified as problematic. Affected is an unknown function of the file /perfex/clients/project/2 of the component Project Discussi
The authentication mechanism in Perfex CRM before 3.3.1 allows attackers to bypass login credentials due to insufficient server-side validation. By sending empty username and password parameters in th
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'subject' at the en
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'company' at the end
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'expense_name' at th
Stored cross-site scripting (XSS) vulnerability in the LMT Dashboard of the Perx Customer Engagement & Loyalty Platform allows an authenticated attacker to execute arbitrary JavaScript code in a victi
CVE-2025-34046
CRITICAL CVSS 10.0
Find Similar
An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management interface. The vulnerability affects the /general/index/UploadFile.php endpoint, which improperly vali
A vulnerability was determined in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This impacts an unknown function of the file /common/jsp/upload3.jsp. Executing a manipulation of the argument File can lead
A HTML injection vulnerability exists in Perfex CRM v3.3.1. The application fails to sanitize user input in the "Bill To" address field within the estimate module. As a result, arbitrary HTML can be i
CVE-2024-42563
CRITICAL CVSS 9.8
Find Similar
An arbitrary file upload vulnerability in ERP commit 44bd04 allows attackers to execute arbitrary code via uploading a crafted HTML file.
CVE-2024-46088
CRITICAL CVSS 9.8
Find Similar
An arbitrary file upload vulnerability in the ProductAction.entphone interface of Zhejiang University Entersoft Customer Resource Management System v2002 to v2024 allows attackers to execute arbitrary
An unrestricted file upload vulnerability exists in the Product Image section of the VirtueMart backend. Authenticated attackers can upload files with arbitrary extensions, including executable or mal
Page 1+ Next →