Suitecrm
This hub aggregates every CVE we track for Suitecrm. Use it to gauge the current risk picture and drill into individual advisories.
other
- CVEs tracked: 126
- Critical: 27
- High: 50
- In CISA KEV: 0
Severity distribution
HIGH: 50, MEDIUM: 45, CRITICAL: 27, LOW: 4
Monthly trend
Monthly counts, 2024-07 through 2026-06, in order: 0, 0, 1, 0, 6, 0, 2, 0, 0, 0, 0, 0, 0, 6, 0, 1, 8, 0, 0, 0, 18, 2, 0, 0
Latest CVEs
The 15 most recently published vulnerabilities affecting Suitecrm.
- CVE-2019-25664: SuiteCRM 7.10.7 SQL Injection via record Parameter (score 7.1)
- CVE-2019-25663: SuiteCRM 7.10.7 SQL Injection via parentTab Parameter (score 7.1)
- CVE-2026-32697: SuiteCRM: RecordHandler::getRecord() missing ACLAccess('view') check allows any authenticated user to read any record (IDOR) (score 6.5)
- CVE-2026-29109: SuiteCRM Authenticated Remote Code Execution via Unsafe Deserialization in SavedSearch Filter Processing (score 7.2)
- CVE-2026-29108: Authenticated SuiteCRM Users Can Retrieve The Password Hash of Any User (score 6.5)
- CVE-2026-33289: SuiteCRM has LDAP Filter Injection in Authentication Module (score 8.8)
- CVE-2026-33288: SuiteCRM has Authenticated SQL Injection in Authentication Module (score 8.8)
- CVE-2026-29189: SuiteCRM has a REST API V8 IDOR: Missing ACL Checks on User Preferences and Relationship Endpoints (score 8.1)
- CVE-2026-29107: SuiteCRM vulnerable to authenticated SSRF via PDF export (score 5.0)
- CVE-2026-29106: SuiteCRM has blind XSS in return_id parameter (score 5.9)
- CVE-2026-29105: SuiteCRM has Unauthenticated Open Redirect in Leads WebToLead Capture (score 5.4)
- CVE-2026-29104: SuiteCRM Vulnerable to Authenticated Arbitrary File Upload via Configurator addfontresult View in SuiteCRM (score 2.7)
- CVE-2026-29103: SuiteCRM Vulnerable to Remote Code Execution via Module Loader Package Scanner Bypass (score 9.1)
- CVE-2026-29102: SuiteCRM has Authenticated RCE in Modules (score 7.2)
- CVE-2026-29101: SuiteCRM Vulnerable to Directory Traversal to DoS in Modules (score 4.9)
Product normalization is registry-driven with AI assist and human review.