Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

10 matches found

RedhatCVE
RedhatCVEadded yesterday3 views

CVE-2026-38526

An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted PHP file...

9.9CVSS6AI score0.00024EPSS
Exploits2References1
GithubExploit
GithubExploitadded 2026/05/16 6:51 p.m.75 views

Exploit for CVE-2026-38526

CVE-2026-38526 | Krayin CRM v2.2.x Authenticated RCE - Unrestr...

9.9CVSS6.5AI score0.00024EPSS
Exploits2
EUVD
EUVDadded 2026/04/14 6:30 p.m.2 views

EUVD-2026-22296

An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted PHP file...

9.9CVSS6.2AI score0.00024EPSS
Exploits2References4
NVD
NVDadded 2026/04/14 4:16 p.m.3 views

CVE-2026-38526

An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted PHP file...

9.9CVSS0.00024EPSS
Exploits2References3
Snyk
Snykadded 2026/04/14 4:14 p.m.5 views

Arbitrary Code Injection

Overview krayin/laravel-crm is a hand tailored CRM framework built on some of the hottest opensource technologies such as Laravel a PHP framework and Vue.js a progressive Javascript framework. Affected versions of this package are vulnerable to Arbitrary Code Injection via the /admin/tinymce/uplo...

9.9CVSS6.5AI score0.00024EPSS
Exploits2References2
CNNVD
CNNVDadded 2026/04/14 12:0 a.m.2 views

Webkul Krayin CRM 安全漏洞

Webkul Krayin CRM is a free and open-source CRM solution for small and medium-sized businesses from the Indian company Webkul. Version 2.2.x of Webkul Krayin CRM contains a security vulnerability. This vulnerability stems from the admin/tinymce/upload endpoint, where an authenticated arbitrary fi...

9.9CVSS6.1AI score0.00024EPSS
Exploits2References3
CVE
CVEadded 2026/04/14 12:0 a.m.5 views

CVE-2026-38526

Webkul Krayin CRM v2.2.x is affected by an authenticated arbitrary file upload vulnerability at the /admin/tinymce/upload endpoint, allowing upload of a crafted PHP file to execute code on the server. The issue, described across CVE/NVD/CVEList entries, requires authentication and yields likely r...

9.9CVSS6.2AI score0.00024EPSS
Exploits2References3
Cvelist
Cvelistadded 2026/04/14 12:0 a.m.21 views

CVE-2026-38526

An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted PHP file...

9.9CVSS0.00024EPSS
Exploits2References2
Positive Technologies
Positive Technologiesadded 2026/04/14 12:0 a.m.3 views

PT-2026-32680

Name of the Vulnerable Software and Affected Versions Webkul Krayin CRM versions 2.2.x Description An authenticated arbitrary file upload issue exists in the '/admin/tinymce/upload' endpoint. This allows authenticated attackers to upload a crafted PHP file, which can lead to remote code execution...

9.9CVSS6.6AI score0.00024EPSS
Exploits2References9
Vulnrichment
Vulnrichmentadded 2026/04/14 12:0 a.m.3 views

CVE-2026-38526

An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted PHP file...

9.9CVSS6.2AI score0.00024EPSS
Exploits2References2
Rows per page
Query Builder