CVE-2025-70981

Critical CVSS: 9.8

CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface (/user/list) via the departmentIds parameter.

Vendor

Product

CWE

Yayın Tarihi

2026-02-12 18:16:08

Güncelleme

2026-02-18 19:54:25

Source Identifier

cve@mitre.org

KEV Date Added

CWE-89 Cordys Crm CRITICAL Fit2cloud 2026

https://github.com/Tomikun2/SQL-Injection-in-CordysCRM/blob/main/README.md

High

CVE-2026-32949

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a Se…

High

CVE-2026-32950

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.7.0 contain a cr…

High

CVE-2026-32622

SQLBot is an intelligent data query system based on a large language model and RAG. Versions 1.5.0 and below contain a S…

Medium

CVE-2026-31798

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v4.10.16-lts,…

Medium

CVE-2026-31864

JumpServer is an open source bastion host and an operation and maintenance security audit system. a Server-Side Template…

Medium

CVE-2025-15598

A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend…