Known Vulnerabilities for EspoCRM by EspoCRM
Listed below are 10 of the newest known vulnerabilities associated with "EspoCRM" by "EspoCRM".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33740 json | EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/i... | Not Provided | 2026-04-13 | 2026-04-14 |
| CVE-2026-33733 json | EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the admin template management... | Not Provided | 2026-04-22 | 2026-04-23 |
| CVE-2026-33659 json | EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Attachm... | Not Provided | 2026-04-13 | 2026-04-14 |
| CVE-2026-33657 json | EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have a stored HTML injection... | Not Provided | 2026-04-13 | 2026-04-13 |
| CVE-2026-33656 json | EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, EspoCRM's built-in formula sc... | Not Provided | 2026-04-22 | 2026-04-23 |
| CVE-2026-33534 json | EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have an authenticated Server... | Not Provided | 2026-04-13 | 2026-04-14 |
| CVE-2023-5966 json | An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the ext... | Not Provided | 2023-11-30 | 2026-04-20 |
| CVE-2023-5965 json | An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the upd... | Not Provided | 2023-11-30 | 2026-04-20 |
| CVE-2022-38846 json | EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure c... | 5.9 - MEDIUM | 2022-09-16 | 2022-09-17 |
| CVE-2022-38845 json | Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in victim s browser v... | 6.1 - MEDIUM | 2022-09-16 | 2023-08-08 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Espocrm | Espocrm | 5.6.9 | |||
| Application | Espocrm | Espocrm | 5.6.8 | |||
| Application | Espocrm | Espocrm | 5.6.7 | |||
| Application | Espocrm | Espocrm | 5.6.6 | |||
| Application | Espocrm | Espocrm | 5.6.5 | |||
| Application | Espocrm | Espocrm | 5.6.4 | |||
| Application | Espocrm | Espocrm | 5.6.3 | |||
| Application | Espocrm | Espocrm | 5.6.2 | |||
| Application | Espocrm | Espocrm | 5.6.10 | |||
| Application | Espocrm | Espocrm | 5.6.1 | |||
| Application | Espocrm | Espocrm | 5.6.0 | |||
| Application | Espocrm | Espocrm | 5.5.6 | |||
| Application | Espocrm | Espocrm | 5.5.5 | |||
| Application | Espocrm | Espocrm | 5.5.4 | |||
| Application | Espocrm | Espocrm | 5.5.3 | |||
| Application | Espocrm | Espocrm | 5.5.2 | |||
| Application | Espocrm | Espocrm | 5.5.1 | |||
| Application | Espocrm | Espocrm | 5.5.0 | |||
| Application | Espocrm | Espocrm | 5.4.5 | |||
| Application | Espocrm | Espocrm | 5.4.4 |