| CVE-2026-36340 |
high |
8.1 |
8.1 |
27d ago |
Krayin CRM allows a remote attacker to execute arbitrary code via compose email function |
|
| CVE-2026-36341 |
medium |
5.4 |
5.4 |
20d ago |
Webkul Krayin CRM is Vulnerable to Cross-Site Scripting in the /admin/activities/create endpoint |
|
| CVE-2026-5370 |
low |
3.5 |
3.5 |
2mo ago |
Krayin CRM is vulnerable to Cross-site Scripting (XSS) |
|
| CVE-2026-38527 |
unknown |
— |
— |
1mo ago |
Webkul Krayin CRM has Server-Side Request Forgery (SSRF) |
|
| CVE-2026-38530 |
unknown |
— |
— |
1mo ago |
Webkul Krayin CRM has Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php |
|
| CVE-2026-38532 |
unknown |
— |
— |
1mo ago |
Webkul Krayin CRM has Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php |
|
| CVE-2026-38529 |
unknown |
— |
— |
1mo ago |
Webkul Krayin CRM has Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php |
|
| CVE-2024-45932 |
unknown |
— |
— |
2y ago |
Krayin CRM vulnerable to Cross Site Scripting (XSS) via the organization name |
|
| CVE-2021-41924 |
unknown |
— |
— |
4y ago |
Cross-site Scripting in krayin/laravel-crm |
|