Lucene search
K

9 matches found

NVD
NVD
added 3 days ago7 views

CVE-2026-61460

Krayin CRM through 2.2.3 contains an insecure direct object reference vulnerability in LeadController, PersonController, OrganizationController, QuoteController, and ActivityController that allows authenticated users to edit, update, or delete records owned by other users. Attackers can modify CR...

8.8CVSS0.0028EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-42981

Krayin CRM through 2.2.3 contains an insecure direct object reference vulnerability in LeadController, PersonController, OrganizationController, QuoteController, and ActivityController that allows authenticated users to edit, update, or delete records owned by other users. Attackers can modify CR...

8.8CVSS6.1AI score0.0028EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/14 6:30 p.m.6 views

EUVD-2026-22301

A Broken Object-Level Authorization BOLA in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any lead owned by other users via supplying a crafted GET request...

8.1CVSS5.8AI score0.00351EPSS
Exploits2References3
OSV
OSV
added 2026/04/14 6:30 p.m.9 views

GHSA-RM5F-3C25-P4CW Webkul Krayin CRM has Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php

A Broken Object-Level Authorization BOLA in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any lead owned by other users via supplying a crafted GET request...

8.1CVSS5.8AI score0.00351EPSS
Exploits2References3
Github Security Blog
Github Security Blog
added 2026/04/14 6:30 p.m.21 views

Webkul Krayin CRM has Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php

A Broken Object-Level Authorization BOLA in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any lead owned by other users via supplying a crafted GET request...

8.1CVSS5.8AI score0.00351EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2026/04/14 12:0 a.m.35 views

CVE-2026-38530

A Broken Object-Level Authorization BOLA in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any lead owned by other users via supplying a crafted GET request...

8.1CVSS0.00351EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/04/14 12:0 a.m.2 views

CVE-2026-38530

A Broken Object-Level Authorization BOLA in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any lead owned by other users via supplying a crafted GET request...

8.1CVSS5.8AI score0.00351EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.9 views

Webkul Krayin CRM 安全漏洞

Webkul Krayin CRM is a free and open-source CRM solution for small and medium-sized businesses from the Indian company Webkul. Version 2.2.x of Webkul Krayin CRM contains a security vulnerability. This vulnerability stems from an object-level authorization flaw in the...

8.1CVSS5.8AI score0.00351EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.9 views

PT-2026-32684

A Broken Object-Level Authorization BOLA in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any lead owned by other users via supplying a crafted GET request...

8.1CVSS5.8AI score0.00351EPSS
Exploits2References5
Rows per page
Query Builder