CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/06/05 7:21 p.m.•9 views

CVE-2026-38529

A Broken Object-Level Authorization BOLA in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily reset user passwords and perform a full account takeover via supplying a crafted HTTP request...

8.8CVSS5.5AI score0.00624EPSS

RedhatCVE•added 2026/06/05 7:21 p.m.•10 views

CVE-2026-38527

A Server-Side Request Forgery SSRF in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST request...

8.5CVSS5.5AI score0.00249EPSS

Exploits1References1

RedhatCVE•added 2026/06/05 7:21 p.m.•6 views

CVE-2026-38530

A Broken Object-Level Authorization BOLA in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any lead owned by other users via supplying a crafted GET request...

8.1CVSS5.5AI score0.00351EPSS

RedhatCVE•added 2026/06/05 7:21 p.m.•7 views

CVE-2026-38528

Krayin CRM v2.2.x was discovered to contain a SQL injection vulnerability via the rottenlead parameter at /Lead/LeadDataGrid.php...

7.1CVSS5.6AI score0.00191EPSS

Exploits1References1

RedhatCVE•added 2026/06/05 7:21 p.m.•7 views

CVE-2026-38526

An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted PHP file...

9.9CVSS6AI score0.00834EPSS

GithubExploit•added 2026/05/16 6:51 p.m.•110 views

Exploit for CVE-2026-38526

CVE-2026-38526 | Krayin CRM v2.2.x Authenticated RCE - Unrestr...

9.9CVSS6.5AI score0.00834EPSS

Exploits2

EUVD•added 2026/05/07 6:30 p.m.•9 views

EUVD-2026-28390

OSV•added 2026/05/07 6:30 p.m.•4 views

Exploits0References6

GHSA-J822-46R5-H4QX Webkul Krayin CRM is Vulnerable to Cross-Site Scripting in the /admin/activities/create endpoint

Github Security Blog•added 2026/05/07 6:30 p.m.•11 views

Exploits0References8

Webkul Krayin CRM is Vulnerable to Cross-Site Scripting in the /admin/activities/create endpoint

Exploits0References8Affected Software1

Snyk•added 2026/05/07 5:35 p.m.•5 views

Cross-site Scripting (XSS)

Overview krayin/laravel-crm is a hand tailored CRM framework built on some of the hottest opensource technologies such as Laravel a PHP framework and Vue.js a progressive Javascript framework. Affected versions of this package are vulnerable to Cross-site Scripting XSS via unsanitized input in th...

6.1CVSS5.8AI score0.0021EPSS

Exploits0References2

NVD•added 2026/05/07 4:16 p.m.•15 views

CVE-2026-36341

5.4CVSS0.0021EPSS

ATTACKERKB•added 2026/05/07 12:0 a.m.•3 views

CVE-2026-36341

CNNVD•added 2026/05/07 12:0 a.m.•8 views

Exploits0References6

Webkul Krayin CRM 跨站脚本漏洞

Webkul Krayin CRM is a free and open-source CRM solution for small and medium-sized businesses developed by the Indian company Webkul. Version 2.1.5 of Webkul Krayin CRM contains a cross-site scripting vulnerability. This vulnerability arises from the lack of cleanup of user input during the...

5.4CVSS5.6AI score0.0021EPSS

Exploits0References1

Vulnrichment•added 2026/05/07 12:0 a.m.•5 views

CVE-2026-36341

5.8AI score0.0021EPSS

Cvelist•added 2026/05/07 12:0 a.m.•26 views

CVE-2026-36341

0.0021EPSS

CVE•added 2026/05/07 12:0 a.m.•8 views

CVE-2026-36341

CVE-2026-36341 : Webkul Krayin CRM 2.1.5 contains a Cross-Site Scripting (XSS) flaw in the comment input during Activity creation via the /admin/activities/create endpoint. The root cause is inadequate sanitization of user-supplied input in the comment field. The CVSS v3.1 base score is 5.4 (Medi...