2 vulnerabilities across 2 products scored HIGH or above on May 23, 2026.

  • HIGH: 2

[HIGH] userspice/userspice

1 CVE | CVSS 9.3 | AAS 7.2

userSpice 4.3.24 is affected by a high-severity username enumeration vulnerability (CVE-2018-25350, CVSS 9.3) that allows unauthenticated attackers to discover valid usernames through the existingUsernameCheck.php endpoint by analyzing responses for the ’taken’ string. Organizations deploying userSpice should upgrade immediately to a patched version to prevent account enumeration attacks. The vulnerability enables attackers to identify valid accounts, facilitating targeted credential attacks and account-specific exploits.

Vendor Advisory


[HIGH] dolibarr/dolibarr_erp_crm

1 CVE | CVSS 9.3 | AAS 7.2

Dolibarr ERP CRM 7.0.3 is affected by a high-severity remote code execution vulnerability (CVE-2018-25357, CVSS 9.3) that allows unauthenticated attackers to execute arbitrary PHP code and system commands through the install/step1.php endpoint by injecting malicious code into the db_name parameter. Organizations running Dolibarr ERP CRM should immediately apply available patches or mitigations from the vendor. The vulnerability enables attackers to execute arbitrary commands via check.php, resulting in complete system compromise and unauthorized access to sensitive enterprise data.

Vendor Advisory