CVE-2026-7783 medium · 6.3
Published CVEs
9 CVEs found in production software, disclosed under embargo and published once vendors shipped a fix.
Disclosure approach
Every CVE listed here followed a coordinated timeline. The vendor was contacted first, given a reasonable window to triage and ship a fix, and the advisory was only published once that fix was available — or, when vendors went unresponsive, after public disclosure norms had been met. Most findings come from CRM, project-management, and SaaS platforms reviewed during engagements or independent research.
9 total · 2 high · 7 medium
All published CVEs
- CVE-2026-7782 medium · 6.3
Authorization Bypass in Clients::project in Perfex CRM ≤ 3.4.1
- CVE-2025-3219 medium
Stored XSS in Project Discussion in Perfex CRM 3.2.1
- CVE-2025-2974 medium
Stored XSS in /contract content in Perfex CRM ≤ 3.2.1
- CVE-2024-9031 medium
Cross-site scripting in CodeCanyon CRMGo SaaS ≤ 7.2
- CVE-2024-9030 medium
Stored Cross-Site Scripting in CodeCanyon CRMGo SaaS 7.2
- CVE-2024-8945 high
SQL Injection in RISE Ultimate Project Manager 3.7.0
- CVE-2024-8867 medium
Cross-Site Scripting in Perfex CRM 3.1.6
- CVE-2024-8784 high
SQL Injection in QDocs Smart School Management System
Found something?
If you've found a vulnerability in software I work on or want help coordinating a disclosure, reach me at [email protected]. I'm also reachable through the contact page.