24 matches found
CVE-2026-15472
A vulnerability was determined in Eleveo Call Recording Software 9.7.0. This vulnerability affects unknown code of the file /callrec/composeEmailAction.do. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been publicly disclosed and...
CVE-2026-15472
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2026-36340
An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...
GHSA-32PX-CCFX-CXQ3 Krayin CRM allows a remote attacker to execute arbitrary code via compose email function
An issue in Krayin CRM v.2.1.5, which was fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...
Krayin CRM allows a remote attacker to execute arbitrary code via compose email function
An issue in Krayin CRM v.2.1.5, which was fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...
Arbitrary Code Injection
Overview krayin/laravel-crm is a hand tailored CRM framework built on some of the hottest opensource technologies such as Laravel a PHP framework and Vue.js a progressive Javascript framework. Affected versions of this package are vulnerable to Arbitrary Code Injection via the compose email...
CVE-2026-36340
An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...
CVE-2026-36340
An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...
CVE-2026-36340
An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...
EUVD-2026-26382
An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...
CVE-2026-36340
An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...
CVE-2026-36340
CVE-2026-36340 affects Krayin CRM v2.1.5; fixed in v2.1.6. The issue arises in Email → Compose when attaching files, allowing an authenticated user to upload PHP payloads to a publicly accessible directory, enabling remote code execution. Upgrade to v2.1.6 or apply vendor mitigations; PoC indicat...
CVE-2026-36340
An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...
PT-2026-36116
An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function...
CVE-2025-23525
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kvvaradha Kv Compose Email From Dashboard kv-send-email-from-admin allows Reflected XSS.This issue affects Kv Compose Email From Dashboard: from n/a through = 1.1...
EUVD-2025-3227
Malicious code in bioql PyPI...
CVE-2025-23525
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kvvaradha Kv Compose Email From Dashboard kv-send-email-from-admin allows Reflected XSS.This issue affects Kv Compose Email From Dashboard: from n/a through = 1.1...
CVE-2025-23525 WordPress Kv Compose Email From Dashboard plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kvvaradha Kv Compose Email From Dashboard kv-send-email-from-admin allows Reflected XSS.This issue affects Kv Compose Email From Dashboard: from n/a through = 1.1...
CVE-2025-23525
CVE-2025-23525 is a reflected cross-site scripting vulnerability in the WordPress plugin Kv Compose Email From Dashboard (Kv Send Email From Admin) with affected versions up to 1.1. The issue arises from improper input neutralization during web page generation, enabling Reflected XSS. Public sour...
CVE-2025-23525 WordPress Kv Compose Email From Dashboard plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kvvaradha Kv Compose Email From Dashboard allows Reflected XSS. This issue affects Kv Compose Email From Dashboard: from n/a through 1.1...