CVE-2026-38532
Webkul Krayin CRM v2.2.x is affected by a Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php endpoint. The vulnerability enables an authenticated user to read, modify, or permanently delete contact records owned by other users by sending a crafted GET request. T...