5.4

CVSS3.1

CVE-2026-29105 - SuiteCRM has Unauthenticated Open Redirect in Leads WebToLead Capture

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, SuiteCRM contains an unauthenticated open redirect vulnerability in the WebToLead capture functionality. A user-supplied POST parameter is used as a redirect…

📅 Published: March 19, 2026, 10:58 p.m. 🔄 Last Modified: March 25, 2026, 11:54 a.m.

5.7

CVSS3.1

CVE-2026-32816 - Admidio has Missing CSRF Validation on Role Delete, Activate, and Deactivate Actions

Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the delete, activate, and deactivate modes in modules/groups-roles/groups_roles.php perform destructive state changes on organizational roles but never validate an anti-CSRF token. The client-side UI passes a CSRF …

📅 Published: March 19, 2026, 10:57 p.m. 🔄 Last Modified: March 25, 2026, 11:54 a.m.

2.7

CVSS3.1

CVE-2026-29104 - SuiteCRM Vulnerable to Authenticated Arbitrary File Upload via Configurator addfontresult View in S…

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, SuiteCRM contains an authenticated arbitrary file upload vulnerability in the Configurator module. An authenticated administrator can bypass intended file ty…

📅 Published: March 19, 2026, 10:55 p.m. 🔄 Last Modified: March 25, 2026, 11:54 a.m.

9.1

CVSS3.1

CVE-2026-29103 - SuiteCRM Vulnerable to Remote Code Execution via Module Loader Package Scanner Bypass

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. A Critical Remote Code Execution (RCE) vulnerability exists in SuiteCRM 7.15.0 and 8.9.2, allowing authenticated administrators to execute arbitrary system commands. This vulnerability is a dir…

📅 Published: March 19, 2026, 10:54 p.m. 🔄 Last Modified: March 25, 2026, 11:54 a.m.

7.2

CVSS3.1

CVE-2026-29102 - SuiteCRM has Authenticated RCE in Modules

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, an Authenticated Remote Code Execution (RCE) vulnerability exists in SuiteCRM modules. Versions 7.15.1 and 8.9.3 patch the issue.

📅 Published: March 19, 2026, 10:53 p.m. 🔄 Last Modified: March 25, 2026, 11:54 a.m.

5.7

CVSS3.1

CVE-2026-32755 - Admidio is Missing CSRF Protection on Role Membership Date Changes

Admidio is an open-source user management solution. In versions 5.0.6 and below, the save_membership action in modules/profile/profile_function.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stop_membership and remove_for…

📅 Published: March 19, 2026, 10:53 p.m. 🔄 Last Modified: March 25, 2026, 11:54 a.m.

4.9

CVSS3.1

CVE-2026-29101 - SuiteCRM Vulnerable to Directory Traversal to DoS in Modules

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, a Denial-of-Service (DoS) vulnerability exists in SuiteCRM modules. Versions 7.15.1 and 8.9.3 patch the issue.

📅 Published: March 19, 2026, 10:51 p.m. 🔄 Last Modified: March 25, 2026, 11:54 a.m.

7.1

CVSS3.1

CVE-2026-29100 - SuiteCRM has Reflected HTML Injection in Login Page via default_user_name Parameter

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. SuiteCRM 7.15.0 contains a reflected HTML injection vulnerability in the login page that allows attackers to inject arbitrary HTML content, enabling phishing attacks and page defacement. Versio…

📅 Published: March 19, 2026, 10:48 p.m. 🔄 Last Modified: March 25, 2026, 11:54 a.m.

9.1

CVSS3.1

CVE-2026-22732 - Under Some Conditions Spring Security HTTP Headers Are not Written

When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security: from 5.7.0 through 5.7.21, from 5.8.0 through 5.8.23, from 6.3.0 through 6.3.14, from 6.4.0 throug…

📅 Published: March 19, 2026, 10:47 p.m. 🔄 Last Modified: March 25, 2026, 11:54 a.m.

8.8

CVSS3.1

CVE-2026-29099 - SuiteCRM has Authenticated Blind SQL Injection in OutboundEmail Legacy Functionality.

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the `retrieve()` function in `include/OutboundEmail/OutboundEmail.php` fails to properly neutralize the user controlled `$id` parameter. It is assumed that t…

📅 Published: March 19, 2026, 10:46 p.m. 🔄 Last Modified: March 25, 2026, 11:54 a.m.