Published CVEs
Vulnerabilities I found through security research and reported to the affected vendors. Each one was assigned a CVE and disclosed responsibly. These are real bugs in software people trusted to be secure, found by taking the systems apart and seeing where they break.
9 total 2 high 7 medium
All published CVEs
CVEVulnerabilityVendorDisclosed
- CVE-2026-7783SQL InjectionPerfex CRM ≤ 3.4.1May 4, 2026
- CVE-2026-7782Authorization Bypass in Clients::projectPerfex CRM ≤ 3.4.1May 4, 2026
- CVE-2025-3219Stored XSS in Project DiscussionPerfex CRM 3.2.1Jan 1, 2025
- CVE-2025-2974Stored XSS in /contract contentPerfex CRM ≤ 3.2.1Jan 1, 2025
- CVE-2024-9031Cross-site scriptingCodeCanyon CRMGo SaaS ≤ 7.2Jan 1, 2024
- CVE-2024-9030Stored Cross-Site ScriptingCodeCanyon CRMGo SaaS 7.2Jan 1, 2024
- CVE-2024-8945SQL InjectionRISE Ultimate Project Manager 3.7.0Jan 1, 2024
- CVE-2024-8867Cross-Site ScriptingPerfex CRM 3.1.6Jan 1, 2024
- CVE-2024-8784SQL InjectionQDocs Smart School Management SystemJan 1, 2024