Lucene search
K

225 matches found

Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.15 views

PT-2026-36081

Name of the Vulnerable Software and Affected Versions Webkul Krayin CRM version 2.1.5 Description A Cross-Site Scripting XSS issue occurs due to improper sanitization of user-supplied input in the comment field during activity creation. This allows for HTML injection via the...

5.4CVSS5.8AI score0.0021EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.10 views

Bagisto 代码问题漏洞

Bagisto is an open-source e-commerce framework developed by Webkul Software in India. Versions of Bagisto 2.3.15 and earlier contained code vulnerabilities. These vulnerabilities stemmed from improper handling of the copy function in the Downloadable Link Handler component, which could lead to...

6.5CVSS6.7AI score0.00201EPSS
Exploits0References2
OSV
OSV
added 2026/04/14 6:30 p.m.9 views

GHSA-RM5F-3C25-P4CW Webkul Krayin CRM has Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php

A Broken Object-Level Authorization BOLA in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any lead owned by other users via supplying a crafted GET request...

8.1CVSS5.8AI score0.00351EPSS
Exploits2References3
EUVD
EUVD
added 2026/04/14 6:30 p.m.6 views

EUVD-2026-22300

A Broken Object-Level Authorization BOLA in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily reset user passwords and perform a full account takeover via supplying a crafted HTTP request...

8.8CVSS5.8AI score0.00624EPSS
Exploits2References3
OSV
OSV
added 2026/04/14 6:30 p.m.5 views

GHSA-FPX9-9HQ8-W2XC Webkul Krayin CRM has Server-Side Request Forgery (SSRF)

A Server-Side Request Forgery SSRF in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST request...

8.5CVSS5.8AI score0.00249EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/14 6:30 p.m.8 views

EUVD-2026-22296

An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted PHP file...

9.9CVSS6.2AI score0.02759EPSS
Exploits11References4
OSV
OSV
added 2026/04/14 6:30 p.m.5 views

GHSA-2XX8-J85V-J7WH Webkul Krayin CRM has Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php

A Broken Object-Level Authorization BOLA in the /Contact/Persons/PersonController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any contact owned by other users via supplying a crafted GET request...

8.1CVSS5.8AI score0.00351EPSS
Exploits2References3
EUVD
EUVD
added 2026/04/14 6:30 p.m.8 views

EUVD-2026-22303

A Broken Object-Level Authorization BOLA in the /Contact/Persons/PersonController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any contact owned by other users via supplying a crafted GET request...

8.1CVSS5.8AI score0.00351EPSS
Exploits2References3
OSV
OSV
added 2026/04/14 12:0 a.m.3 views

CVE-2026-38530

A Broken Object-Level Authorization BOLA in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any lead owned by other users via supplying a crafted GET request...

8.1CVSS6AI score0.00351EPSS
Exploits2References4
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.8 views

Webkul Krayin CRM 安全漏洞

Webkul Krayin CRM is a free and open-source CRM solution for small and medium-sized businesses from the Indian company Webkul. Version 2.2.x of Webkul Krayin CRM contains a security vulnerability. This vulnerability stems from an SQL injection issue with the rottenlead parameter in the...

7.1CVSS5.9AI score0.00191EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.8 views

PT-2026-32681

CVE-2026-38527 A Server-Side Request Forgery SSRF in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying … https://t.co/UnVbPvc3Tv...

8.5CVSS5.7AI score0.00249EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/04/14 12:0 a.m.3 views

CVE-2026-38529

A Broken Object-Level Authorization BOLA in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily reset user passwords and perform a full account takeover via supplying a crafted HTTP request...

8.8CVSS5.8AI score0.00624EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/04/14 12:0 a.m.4 views

CVE-2026-38526

An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted PHP file...

9.9CVSS6.2AI score0.02759EPSS
Exploits11References2
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.8 views

Webkul Krayin CRM 安全漏洞

Webkul Krayin CRM is a free and open-source CRM solution for small and medium-sized businesses developed by the Indian company Webkul. Version 2.2.x of Webkul Krayin CRM contains a security vulnerability. This vulnerability stems from an issue with server-side request forgeing in the...

8.5CVSS5.8AI score0.00249EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.8 views

Webkul Krayin CRM 安全漏洞

Webkul Krayin CRM is a free and open-source CRM solution for small and medium-sized businesses from the Indian company Webkul. Version 2.2.x of Webkul Krayin CRM contains a security vulnerability. This vulnerability stems from an object-level authorization flaw in the...

8.1CVSS5.8AI score0.00351EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/04/14 12:0 a.m.42 views

CVE-2026-38526

An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted PHP file...

9.9CVSS0.02759EPSS
Exploits11References2
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.9 views

Webkul Krayin CRM 安全漏洞

Webkul Krayin CRM is a free and open-source CRM solution for small and medium-sized businesses from the Indian company Webkul. Version 2.2.x of Webkul Krayin CRM contains a security vulnerability. This vulnerability stems from an object-level authorization flaw in the...

8.1CVSS5.8AI score0.00351EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/04/14 12:0 a.m.2 views

CVE-2026-38530

A Broken Object-Level Authorization BOLA in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any lead owned by other users via supplying a crafted GET request...

8.1CVSS5.8AI score0.00351EPSS
Exploits2References2
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.10 views

Webkul Krayin CRM 安全漏洞

Webkul Krayin CRM is a free and open-source CRM solution for small and medium-sized businesses from the Indian company Webkul. Version 2.2.x of Webkul Krayin CRM contains a security vulnerability. This vulnerability stems from the admin/tinymce/upload endpoint, where an authenticated arbitrary fi...

9.9CVSS6.1AI score0.02759EPSS
Exploits11References3
Cvelist
Cvelist
added 2026/04/14 12:0 a.m.37 views

CVE-2026-38530

A Broken Object-Level Authorization BOLA in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any lead owned by other users via supplying a crafted GET request...

8.1CVSS0.00351EPSS
Exploits2References2
Rows per page
Query Builder