Lucene search
K

24 matches found

NVD
NVD
added 3 days ago8 views

CVE-2026-15472

A vulnerability was determined in Eleveo Call Recording Software 9.7.0. This vulnerability affects unknown code of the file /callrec/composeEmailAction.do. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been publicly disclosed and...

5.3CVSS0.00207EPSS
Exploits0References5
CVE
CVE
added 3 days ago14 views

CVE-2026-15472

Technical details are not publicly available in the provided documents. Monitor for updates.

5.3CVSS5.9AI score0.00207EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.11 views

CVE-2026-36340

An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...

8.1CVSS6AI score0.00567EPSS
Exploits1References1
OSV
OSV
added 2026/04/30 6:30 p.m.12 views

GHSA-32PX-CCFX-CXQ3 Krayin CRM allows a remote attacker to execute arbitrary code via compose email function

An issue in Krayin CRM v.2.1.5, which was fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...

8.1CVSS6.2AI score0.00567EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/04/30 6:30 p.m.13 views

Krayin CRM allows a remote attacker to execute arbitrary code via compose email function

An issue in Krayin CRM v.2.1.5, which was fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...

8.1CVSS6.2AI score0.00567EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2026/04/30 6:22 p.m.7 views

Arbitrary Code Injection

Overview krayin/laravel-crm is a hand tailored CRM framework built on some of the hottest opensource technologies such as Laravel a PHP framework and Vue.js a progressive Javascript framework. Affected versions of this package are vulnerable to Arbitrary Code Injection via the compose email...

9.2CVSS6.2AI score0.00567EPSS
Exploits1References2
NVD
NVD
added 2026/04/30 4:16 p.m.10 views

CVE-2026-36340

An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...

8.1CVSS0.00567EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/30 12:0 a.m.7 views

CVE-2026-36340

An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...

6AI score0.00567EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/04/30 12:0 a.m.16 views

CVE-2026-36340

An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...

6AI score0.00567EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/30 12:0 a.m.6 views

EUVD-2026-26382

An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...

8.1CVSS6AI score0.00567EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/30 12:0 a.m.33 views

CVE-2026-36340

An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...

0.00567EPSS
Exploits1References3
CVE
CVE
added 2026/04/30 12:0 a.m.43 views

CVE-2026-36340

CVE-2026-36340 affects Krayin CRM v2.1.5; fixed in v2.1.6. The issue arises in Email → Compose when attaching files, allowing an authenticated user to upload PHP payloads to a publicly accessible directory, enabling remote code execution. Upgrade to v2.1.6 or apply vendor mitigations; PoC indicat...

8.1CVSS6AI score0.00567EPSS
Exploits1References3
OSV
OSV
added 2026/04/30 12:0 a.m.3 views

CVE-2026-36340

An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...

8.1CVSS6.4AI score0.00567EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.8 views

PT-2026-36116

An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...

8.1CVSS6AI score0.00567EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/01/09 8:47 a.m.7 views

CVE-2025-23525

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kvvaradha Kv Compose Email From Dashboard kv-send-email-from-admin allows Reflected XSS.This issue affects Kv Compose Email From Dashboard: from n/a through = 1.1...

7.1CVSS7.2AI score0.00297EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-3227

Malicious code in bioql PyPI...

7.1CVSS8.7AI score0.00297EPSS
Exploits0References2
NVD
NVD
added 2025/02/14 1:15 p.m.6 views

CVE-2025-23525

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kvvaradha Kv Compose Email From Dashboard kv-send-email-from-admin allows Reflected XSS.This issue affects Kv Compose Email From Dashboard: from n/a through = 1.1...

7.1CVSS0.00297EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/14 12:44 p.m.14 views

CVE-2025-23525 WordPress Kv Compose Email From Dashboard plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kvvaradha Kv Compose Email From Dashboard kv-send-email-from-admin allows Reflected XSS.This issue affects Kv Compose Email From Dashboard: from n/a through = 1.1...

7.1CVSS0.00297EPSS
Exploits0References1
CVE
CVE
added 2025/02/14 12:44 p.m.55 views

CVE-2025-23525

CVE-2025-23525 is a reflected cross-site scripting vulnerability in the WordPress plugin Kv Compose Email From Dashboard (Kv Send Email From Admin) with affected versions up to 1.1. The issue arises from improper input neutralization during web page generation, enabling Reflected XSS. Public sour...

7.1CVSS7.2AI score0.00297EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/14 12:44 p.m.4 views

CVE-2025-23525 WordPress Kv Compose Email From Dashboard plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kvvaradha Kv Compose Email From Dashboard allows Reflected XSS. This issue affects Kv Compose Email From Dashboard: from n/a through 1.1...

7.1CVSS6.9AI score0.00297EPSS
Exploits0References1
Rows per page
Query Builder