GHSA-32PX-CCFX-CXQ3 Krayin CRM allows a remote attacker to execute arbitrary code via compose email function

An issue in Krayin CRM v.2.1.5, which was fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...

Krayin CRM allows a remote attacker to execute arbitrary code via compose email function

An issue in Krayin CRM v.2.1.5, which was fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...

Arbitrary Code Injection

Overview krayin/laravel-crm is a hand tailored CRM framework built on some of the hottest opensource technologies such as Laravel a PHP framework and Vue.js a progressive Javascript framework. Affected versions of this package are vulnerable to Arbitrary Code Injection via the compose email...

CVE-2026-36340

An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...

PT-2026-36116

An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...

CVE-2026-36340

An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...

CVE-2026-36340

An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...

CVE-2026-36340

CVE-2026-36340 affects Krayin CRM v2.1.5; fixed in v2.1.6. The issue arises in Email → Compose when attaching files, allowing an authenticated user to upload PHP payloads to a publicly accessible directory, enabling remote code execution. Upgrade to v2.1.6 or apply vendor mitigations; PoC indicat...

EUVD-2026-26382

An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...

CVE-2026-36340

An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...

CVE-2025-23525

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kvvaradha Kv Compose Email From Dashboard kv-send-email-from-admin allows Reflected XSS.This issue affects Kv Compose Email From Dashboard: from n/a through = 1.1...

EUVD-2025-3227

Malicious code in bioql PyPI...

CVE-2025-23525

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kvvaradha Kv Compose Email From Dashboard kv-send-email-from-admin allows Reflected XSS.This issue affects Kv Compose Email From Dashboard: from n/a through = 1.1...

CVE-2025-23525 WordPress Kv Compose Email From Dashboard plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kvvaradha Kv Compose Email From Dashboard kv-send-email-from-admin allows Reflected XSS.This issue affects Kv Compose Email From Dashboard: from n/a through = 1.1...

CVE-2025-23525

CVE-2025-23525 is a reflected cross-site scripting vulnerability in the WordPress plugin Kv Compose Email From Dashboard (Kv Send Email From Admin) with affected versions up to 1.1. The issue arises from improper input neutralization during web page generation, enabling Reflected XSS. Public sour...

CVE-2025-23525 WordPress Kv Compose Email From Dashboard plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kvvaradha Kv Compose Email From Dashboard allows Reflected XSS. This issue affects Kv Compose Email From Dashboard: from n/a through 1.1...

PT-2025-6986 · Unknown · Kv Compose Email From Dashboard

Name of the Vulnerable Software and Affected Versions: Kv Compose Email From Dashboard versions n/a through 1.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential...

WordPress Kv Compose Email From Dashboard plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Kv Compose Email From Dashboard versions = 1.1...

Lark Technologies: Able to steal private files by manipulating response using Compose Email function of Lark

A IDOR Insecure Direct Object Reference vulnerability was found within the "Compose Email" functions of Lark. This vulnerability could have allowed malicious users to fetch the files of other users if they knew the specific file ID which was an alphanumeric value. We thank @imrannisar for reporti...

CVE-2006-3564

Multiple cross-site scripting XSS vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the email, 2 cond, or 3 name parameters to a addressbook.view.php, 4 the daysprune parameter to b index.php, 5 the datato parameter to c...