CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

Positive Technologies•added 2026/04/14 12:0 a.m.•1 views

PT-2026-32683

A Broken Object-Level Authorization BOLA in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily reset user passwords and perform a full account takeover via supplying a crafted HTTP request...

8.8CVSS5.8AI score0.00064EPSS

Exploits2References5

CNNVD•added 2026/04/14 12:0 a.m.•1 views

Webkul Krayin CRM 安全漏洞

Webkul Krayin CRM is a free and open-source CRM solution for small and medium-sized businesses from the Indian company Webkul. Version 2.2.x of Webkul Krayin CRM contains a security vulnerability. This vulnerability stems from an object-level authorization flaw in the /Settings/UserController.php...

8.8CVSS5.8AI score0.00064EPSS

Exploits2References2

Cvelist•added 2026/04/14 12:0 a.m.•23 views

CVE-2026-38529

8.8CVSS0.00064EPSS

Exploits2References2

NVD•added 2026/04/07 6:16 p.m.•1 views

CVE-2026-39325

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsUser.php in ChurchCRM 7.0.5. Authenticated administrative users can inject arbitrary SQL statements through the type array parameter via the index and thus extra...

7.2CVSS0.0004EPSS

Exploits0References1

ATTACKERKB•added 2026/04/07 5:29 p.m.•1 views

CVE-2026-39325

7.2CVSS6AI score0.0004EPSS

Exploits0References2Affected Software1

CNNVD•added 2026/04/07 12:0 a.m.•3 views

ChurchCRM SQL注入漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 contained a SQL injection vulnerability. This vulnerability stemmed from improper handling of the type array parameters by the /SettingsUser.php endpoint, which could lead to SQL injection attacks...

7.2CVSS5.9AI score0.0004EPSS

Exploits0References1