CVE-2024-25164 — CVSS 7.5 (high): iA Path Traversal vulnerability exists in iDURAR v2.0.0, that allows unauthenticated attackers to expose sensitive files via the download…
CVE-2024-47769 — CVSS 7.5 (high): IDURAR is open source ERP CRM accounting invoicing software. The vulnerability exists in the corePublicRouter.js file. Using the reference…
CVE-2023-52265 — CVSS 5.4 (medium): IDURAR (aka idurar-erp-crm) through 2.0.1 allows stored XSS via a PATCH request with a crafted JSON email template in the /api/email/update…