Security Vulnerabilities
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. There is a vulnerability in SuiteCRM version 7.14.6 which allows unauthenticated downloads of any file from the upload-directory, as long as it is named by an ID (e.g. attachments). An unauthenticated attacker could download internal files when he discovers a valid file-ID.
Valid IDs could be brute-forced, but this is quite time-consuming as the file-IDs are usually UUIDs. This issue is fixed in version 7.14.7.
CVSS Score
3.7
EPSS Score
0.0
Published
2025-08-07
Azure OpenAI Elevation of Privilege Vulnerability
CVSS Score
10.0
EPSS Score
0.001
Published
2025-08-07
Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
CVSS Score
6.5
EPSS Score
0.001
Published
2025-08-07
Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
CVSS Score
8.2
EPSS Score
0.001
Published
2025-08-07
Azure Portal Elevation of Privilege Vulnerability
CVSS Score
9.1
EPSS Score
0.001
Published
2025-08-07
In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure.
CVSS Score
6.6
EPSS Score
0.0
Published
2025-08-07
In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure.
CVSS Score
8.1
EPSS Score
0.001
Published
2025-08-07
In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash.
CVSS Score
5.6
EPSS Score
0.0
Published
2025-08-07
In GStreamer through 1.26.1, the subparse plugin's subrip_unescape_formatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash.
CVSS Score
5.5
EPSS Score
0.0
Published
2025-08-07
In GStreamer through 1.26.1, the subparse plugin's tmplayer_parse_line function may dereference a NULL pointer while parsing a subtitle file, leading to a crash.
CVSS Score
5.6
EPSS Score
0.001
Published
2025-08-07