Tag
high
advisory
Webkul Krayin CRM SSRF Vulnerability (CVE-2026-38527)
2 rules, 1 TTP, 1 CVE
A Server-Side Request Forgery (SSRF) vulnerability in Webkul Krayin CRM v2.2.x allows attackers to scan internal resources by sending a crafted POST request to the /settings/webhooks/create endpoint.
cve-2026-38527
ssrf
webkul
krayin-crm
high
advisory
Krayin CRM v2.2.x SQL Injection Vulnerability
2 rules, 1 TTP, 1 CVE
Krayin CRM v2.2.x is vulnerable to SQL injection via the rotten_lead parameter in /Lead/LeadDataGrid.php, potentially allowing attackers to read sensitive data.
sql-injection
cve-2026-38528
krayin-crm
critical
advisory
Webkul Krayin CRM BOLA Vulnerability (CVE-2026-38529)
2 rules, 1 TTP, 1 CVE
CVE-2026-38529 is a Broken Object-Level Authorization (BOLA) vulnerability in Webkul Krayin CRM v2.2.x that allows authenticated attackers to reset user passwords and take over accounts.
bola
cve-2026-38529
krayin-crm
account-takeover