Vulnerabilities in espocrm

21 results
CVE ID         | Severity | Title                                                                                                                          | EPSS
---------------|----------|--------------------------------------------------------------------------------------------------------------------------------|------
CVE-2026-33534 | MEDIUM   | EspoCRM has authenticated SSRF via internal-host validation bypass using alternative IPv4 notation                             | 2.0%
CVE-2023-5965  | MEDIUM   | Unrestricted Upload of File with Dangerous Type in EspoCRM                                                                     | 1.0%
CVE-2023-5966  | MEDIUM   | Unrestricted Upload of File with Dangerous Type in EspoCRM                                                                     | 1.0%
CVE-2025-52575 | MEDIUM   | EspoCRM vulnerable to LDAP Injection through Improper Neutralization of Special Elements                                       | 0.7%
CVE-2024-24818 | MEDIUM   | EspoCRM weakness in "Forgot password"                                                                                          | 0.6%
CVE-2020-37094 | HIGH     | EspoCRM 5.8.5 - Privilege Escalation                                                                                           | 0.5%
CVE-2021-3539  | MEDIUM   | EspoCRM Avatar Persistent XSS                                                                                                  | 0.5%
CVE-2026-33656 | CRITICAL | EspoCRM vulnerable to authenticated RCE via Formula with path traversal in attachment `sourceId`, exploitable by admin user    | 0.5%
CVE-2026-33733 | HIGH     | EspoCRM has Admin TemplateManager path traversal that allows arbitrary file read write and delete                              | 0.4%
CVE-2023-46736 | MEDIUM   | Server-Side Request Forgery in espocrm                                                                                         | 0.4%
CVE-2026-41141 | MEDIUM   | EspoCRM: IDOR in EmailTemplate Prepare Endpoint Leaks Entity Data via Email Address Lookup                                     | 0.3%
CVE-2025-32789 | LOW      | EspoCRM Allows Potential Disclosure of Sensitive Information in the User Sorting Function                                      | 0.3%
CVE-2026-33659 | LOW      | EspoCRM: SSRF via DNS Rebinding in Attachment fromImageUrl Endpoint Allows Internal Network Access                             | 0.3%
CVE-2025-32390 | HIGH     | EspoCRM vulnerable to HTML Injection into phishing, which may lead to account takeover                                         | 0.3%
CVE-2026-41160 | MEDIUM   | EspoCRM: Broken Access Control / IDOR in Note Pinning API allows unauthorized modification of notes                            | 0.3%
CVE-2025-32385 | MEDIUM   | EspoCRM allows unrestricted Embedding in Iframe dashlet                                                                        | 0.2%
CVE-2025-52892 | MEDIUM   | EspoCRM is vulnerable to access denial through double slash in URI corrupting router cache                                     | 0.2%
CVE-2026-33740 | MEDIUM   | EspoCRM: Email importEml can import and delete another user's attachment by raw fileId                                         | 0.2%
CVE-2026-33741 | MEDIUM   | EspoCRM: Stored XSS via SVG attachment loading same-origin JavaScript                                                          | 0.2%
CVE-2026-33657 | MEDIUM   | EspoCRM: Stored HTML injection in email notifications about stream notes via unescaped post field                             | 0.2%