VYPR
Vendor

Krayin

Products: 1
CVEs: 6
Across products: 6
Status: Private

Recent CVEs (6)
  • CVE-2026-38526 | Critical | Apr 14, 2026
    risk 0.64 | cvss 9.9 | epss 0.01

    An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted PHP file.

  • CVE-2026-38527 | High | Apr 14, 2026
    risk 0.55 | cvss 8.5 | epss 0.00

    A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST request.

  • CVE-2026-36340 | High | Apr 30, 2026
    risk 0.53 | cvss 8.1 | epss 0.01

    An issue in Krayin CRM v.2.1.5, fixed in v.2.1.6, allows a remote attacker to execute arbitrary code via the compose email function.

  • CVE-2026-38528 | High | Apr 14, 2026
    risk 0.46 | cvss 7.1 | epss 0.00

    Krayin CRM v2.2.x was discovered to contain a SQL injection vulnerability via the rotten_lead parameter at /Lead/LeadDataGrid.php.

  • CVE-2026-36341 | Medium | May 7, 2026
    risk 0.28 | cvss 5.4 | epss 0.00

    A Cross-Site Scripting (XSS) vulnerability exists in Webkul Krayin CRM v2.1.5. The application fails to sanitize user-supplied input in the comment field during Activity creation on the /admin/activities/create endpoint.

  • CVE-2026-5370 | Low | Apr 2, 2026
    risk 0.16 | cvss 3.5 | epss 0.00

    A vulnerability was identified in krayin laravel-crm up to 2.2. Impacted is the function composeMail of the file packages/Webkul/Admin/tests/e2e-pw/tests/mail/inbox.spec.ts of the component Activities Module/Notes Module. The manipulation leads to cross site scripting. Remote…