Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.1 MEDIUM
CVE-2026-29106 — SuiteCRM has blind XSS in return_id parameter

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the value of the return_id request parameter is copied in…

suitecrm suitecrm | Remote | Cross-Site Scripting
Mar 19, 2026 Mar 24, 2026
Mar 19, 2026
Mar 24, 2026
6.1 MEDIUM
CVE-2026-29105 — SuiteCRM has Unauthenticated Open Redirect in Leads WebToLead Capture

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, SuiteCRM contains an unauthenticated open redirect vulner…

suitecrm suitecrm | Remote | Misconfiguration
Mar 19, 2026 Mar 24, 2026
Mar 19, 2026
Mar 24, 2026
2.7 LOW
CVE-2026-29104 — SuiteCRM Vulnerable to Authenticated Arbitrary File Upload via Configurator addfontresult…

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, SuiteCRM contains an authenticated arbitrary file upload …

suitecrm suitecrm | Remote | Authentication
Mar 19, 2026 Mar 24, 2026
Mar 19, 2026
Mar 24, 2026
9.1 CRITICAL
CVE-2026-29103 — SuiteCRM Vulnerable to Remote Code Execution via Module Loader Package Scanner Bypass

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. A Critical Remote Code Execution (RCE) vulnerability exists in SuiteCRM 7.15.0 and 8.9.2, all…

suitecrm suitecrm | Remote | Injection
Mar 19, 2026 Mar 24, 2026
Mar 19, 2026
Mar 24, 2026
8.8 HIGH
CVE-2026-29102 — SuiteCRM has Authenticated RCE in Modules

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, an Authenticated Remote Code Execution (RCE) vulnerabilit…

suitecrm suitecrm | Remote | Authentication
Mar 19, 2026 Mar 24, 2026
Mar 19, 2026
Mar 24, 2026
7.5 HIGH
CVE-2026-29101 — SuiteCRM Vulnerable to Directory Traversal to DoS in Modules

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, a Denial-of-Service (DoS) vulnerability exists in SuiteCR…

suitecrm suitecrm | Remote | Denial of Service
Mar 19, 2026 Mar 24, 2026
Mar 19, 2026
Mar 24, 2026
7.1 HIGH
CVE-2026-29100 — SuiteCRM has Reflected HTML Injection in Login Page via default_user_name Parameter

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. SuiteCRM 7.15.0 contains a reflected HTML injection vulnerability in the login page that allo…

suitecrm suitecrm | Remote | Cross-Site Scripting
Mar 19, 2026 Mar 24, 2026
Mar 19, 2026
Mar 24, 2026
8.8 HIGH
CVE-2026-29099 — SuiteCRM has Authenticated Blind SQL Injection in OutboundEmail Legacy Functionality.

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the `retrieve()` function in `include/OutboundEmail/Outbo…

suitecrm suitecrm | Remote | Injection
Mar 19, 2026 Mar 24, 2026
Mar 19, 2026
Mar 24, 2026
4.9 MEDIUM
CVE-2026-29098 — SuiteCRM has Relative Path Traversal via ModuleBuilder Modules ExportCustom Action

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the `action_exportCustom` function in `modules/ModuleBuil…

suitecrm suitecrm | Remote | Path Traversal
Mar 19, 2026 Mar 24, 2026
Mar 19, 2026
Mar 24, 2026
7.5 HIGH
CVE-2026-29097 — SuiteCRM Server-Side Request Forgery and Denial of Service via RSS Feed Dashlet

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions prior to 7.15.1 and 8.9.3 contain a Server-Side Request Forgery (SSRF) vulnerability…

suitecrm suitecrm | Remote | Server-Side Request Forgery
Mar 19, 2026 Mar 24, 2026
Mar 19, 2026
Mar 24, 2026
8.1 HIGH
CVE-2026-29096 — SuiteCRM vulnerable to Authenticated SQL Injection via unsanitized field_function in Repo…

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, when creating or editing a report (AOR_Reports module), t…

suitecrm suitecrm | Remote | Injection
Mar 19, 2026 Mar 24, 2026
Mar 19, 2026
Mar 24, 2026
9.1 CRITICAL
CVE-2026-22732 — Under Some Conditions Spring Security HTTP Headers Are not Written

When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written.  This issue affects Spring Security…

spring_security | Remote | Misconfiguration
Mar 19, 2026 Apr 16, 2026
Mar 19, 2026
Apr 16, 2026
8.2 HIGH
CVE-2026-22731 — Authentication Bypass under Actuator Health groups paths

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, alrea…

spring_boot | Remote | Authentication
Mar 19, 2026 Apr 16, 2026
Mar 19, 2026
Apr 16, 2026
Showing 20 of 6333 Results