19120 matches found
GHSA-RM5F-3C25-P4CW Webkul Krayin CRM has Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php
A Broken Object-Level Authorization BOLA in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any lead owned by other users via supplying a crafted GET request...
Webkul Krayin CRM has Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php
A Broken Object-Level Authorization BOLA in the /Contact/Persons/PersonController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any contact owned by other users via supplying a crafted GET request...
Webkul Krayin CRM has Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php
A Broken Object-Level Authorization BOLA in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any lead owned by other users via supplying a crafted GET request...
CVE-2026-32076
CVE-2026-32076 describes an out-of-bounds read in the Windows Storage Spaces Controller that enables an authorized local attacker to elevate privileges. The vulnerability is tied to the Storage Spaces Controller component and is documented across multiple sources (NVD/NVD-affiliated listings, Red...
CVE-2026-32076 Windows Storage Spaces Controller Elevation of Privilege Vulnerability
...
CVE-2026-32076 Windows Storage Spaces Controller Elevation of Privilege Vulnerability
...
CVE-2026-27907 Windows Storage Spaces Controller Elevation of Privilege Vulnerability
...
CVE-2026-27907
CVE-2026-27907 is a Windows Storage Spaces Controller elevation-of-privilege vulnerability caused by an integer underflow. Exploitation would require local access with low privileges. Publicly available sources confirm the issue and that Microsoft released fixes (e.g., KB5082060 for Windows Serve...
CVE-2026-27907 Windows Storage Spaces Controller Elevation of Privilege Vulnerability
...
Authorization Bypass Through User-Controlled Key
Overview krayin/laravel-crm is a hand tailored CRM framework built on some of the hottest opensource technologies such as Laravel a PHP framework and Vue.js a progressive Javascript framework. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in...
Windows Storage Spaces Controller Elevation of Privilege Vulnerability
Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally...
ACPI: EC: clean up handlers on probe failure in acpi_ec_setup()
...
Craft Commerce has an unauthenticated information disclosure that can leak some customer order data on anonymous payments
Summary PaymentsController::actionPay discloses some order data to unauthenticated users when an order number is provided and the email check fails during an anonymous payment. The JSON error response includes the serialized order object order, which contains some sensitive fields such as custome...
Webkul Krayin CRM 安全漏洞
Webkul Krayin CRM is a free and open-source CRM solution for small and medium-sized businesses from the Indian company Webkul. Version 2.2.x of Webkul Krayin CRM contains a security vulnerability. This vulnerability stems from an object-level authorization flaw in the...
CVE-2026-38529
A Broken Object-Level Authorization BOLA in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily reset user passwords and perform a full account takeover via supplying a crafted HTTP request...
PT-2026-32684
A Broken Object-Level Authorization BOLA in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any lead owned by other users via supplying a crafted GET request...
PT-2026-32683
A Broken Object-Level Authorization BOLA in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily reset user passwords and perform a full account takeover via supplying a crafted HTTP request...
CVE-2026-38530
A Broken Object-Level Authorization BOLA in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any lead owned by other users via supplying a crafted GET request...
Microsoft Windows Storage Spaces Controller 缓冲区错误漏洞
Microsoft Windows Storage Spaces Controller is a necessary driver provided by Microsoft for providing storage space functions. There is a buffer error vulnerability in Microsoft Windows Storage Spaces Controller. Attackers can exploit this vulnerability to gain elevated privileges. The following...
Microsoft Windows Storage Spaces Controller 数字错误漏洞
Microsoft Windows Storage Spaces Controller is a necessary driver provided by Microsoft for providing storage space functions. There is a numerical error vulnerability in Microsoft Windows Storage Spaces Controller. Attackers can exploit this vulnerability to gain higher privileges. The following...