CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

72 matches found

CVE•added 2026/04/14 12:0 a.m.•17 views

CVE-2026-38526

Webkul Krayin CRM v2.2.x is affected by an authenticated arbitrary file upload vulnerability at the /admin/tinymce/upload endpoint, allowing upload of a crafted PHP file to execute code on the server. The issue, described across CVE/NVD/CVEList entries, requires authentication and yields likely r...

9.9CVSS6.2AI score0.00834EPSS

Exploits3References3

EUVD•added 2026/01/12 2:35 p.m.•10 views

EUVD-2026-1933

Imaster's MEMS Events CRM contains an SQL injection vulnerability in‘keyword’ parameter in ‘/memsdemo/exchangeoffers.php’...

8.7CVSS7.6AI score0.00274EPSS

Exploits0References2

RedhatCVE•added 2026/01/09 11:28 a.m.•7 views

CVE-2021-33853

A Cross-Site Scripting XSS attack can cause arbitrary code javascript to run in a user’s browser while the browser is connected to a trusted website. As the vehicle for the attack, the application targets the users and not the application itself. Additionally, the XSS payload is executed when the...

5.4CVSS5.7AI score0.00567EPSS

Exploits1References1

OSV•added 2025/12/29 3:6 p.m.•5 views

CVE-2025-68928 Frappe CRM vulnerable to authenticated XSS via website field

Frappe CRM is an open-source customer relationship management tool. Prior to version 1.56.2, authenticated users could set crafted URLs in a website field, which were not sanitized, causing cross-site scripting. Version 1.56.2 fixes the issue. No known workarounds are available...

5.4CVSS6.2AI score0.00169EPSS

Exploits0References5

EUVD•added 2025/11/17 6:30 p.m.•5 views

EUVD-2024-55088

PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the frmid and aremark parameters in manage-tickets.php...

6.5CVSS7.5AI score0.0021EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2019-12128

Malware in sbrugna...

5.3CVSS5.9AI score0.01489EPSS

Exploits0References3