Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/krayin/laravel-crm@1.3.0

Type composer

Namespace krayin

Name laravel-crm

Version 1.3.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-4nkc-sk55-4kh6

vulnerability_id

VCID-4nkc-sk55-4kh6

summary

Webkul Krayin CRM has Server-Side Request Forgery (SSRF)
A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST request.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-38527

reference_id

reference_type

scores

value	0.00036
scoring_system	epss
scoring_elements	0.11214
published_at	2026-06-05T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.11107
published_at	2026-06-09T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.11094
published_at	2026-06-08T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.11174
published_at	2026-06-07T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.11208
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-38527

reference_url

https://github.com/krayin/laravel-crm

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AC:L/AV:N/A:N/C:H/I:L/PR:L/S:C/UI:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T17:36:52Z/

url

https://github.com/krayin/laravel-crm

reference_url

https://github.com/TREXNEGRO/Security-Advisories/tree/main/CVE-2026-38527

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AC:L/AV:N/A:N/C:H/I:L/PR:L/S:C/UI:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T17:36:52Z/

url

https://github.com/TREXNEGRO/Security-Advisories/tree/main/CVE-2026-38527

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-38527

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-38527

reference_url

https://github.com/advisories/GHSA-fpx9-9hq8-w2xc

reference_id

GHSA-fpx9-9hq8-w2xc

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fpx9-9hq8-w2xc

fixed_packages

aliases

CVE-2026-38527, GHSA-fpx9-9hq8-w2xc

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-4nkc-sk55-4kh6

url

VCID-4qqp-bktd-sbbd

vulnerability_id

VCID-4qqp-bktd-sbbd

summary

Krayin CRM is vulnerable to Cross-site Scripting (XSS)
A vulnerability was identified in krayin laravel-crm up to 2.2. Impacted is the function composeMail of the file packages/Webkul/Admin/tests/e2e-pw/tests/mail/inbox.spec.ts of the component Activities Module/Notes Module. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The identifier of the patch is 73ed28d466bf14787fdb86a120c656a4af270153. To fix this issue, it is recommended to deploy a patch.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-5370

reference_id

reference_type

scores

value	0.0004
scoring_system	epss
scoring_elements	0.12405
published_at	2026-06-08T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12487
published_at	2026-06-07T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12522
published_at	2026-06-05T12:55:00Z

value	0.0004
scoring_system	epss
scoring_elements	0.12523
published_at	2026-06-06T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14718
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-5370

reference_url

https://github.com/krayin/laravel-crm

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/krayin/laravel-crm

reference_url

https://github.com/krayin/laravel-crm/commit/73ed28d466bf14787fdb86a120c656a4af270153

reference_id

reference_type

scores

value	4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:29:42Z/

url

https://github.com/krayin/laravel-crm/commit/73ed28d466bf14787fdb86a120c656a4af270153

reference_url

https://github.com/krayin/laravel-crm/issues/2419

reference_id

reference_type

scores

value	4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:29:42Z/

url

https://github.com/krayin/laravel-crm/issues/2419

reference_url

https://github.com/krayin/laravel-crm/pull/2466

reference_id

reference_type

scores

value	4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:29:42Z/

url

https://github.com/krayin/laravel-crm/pull/2466

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-5370

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-5370

reference_url

https://vuldb.com/submit/781666

reference_id

reference_type

scores

value	4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:29:42Z/

url

https://vuldb.com/submit/781666

reference_url

https://vuldb.com/vuln/354756

reference_id

reference_type

scores

value	4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:29:42Z/

url

https://vuldb.com/vuln/354756

reference_url

https://vuldb.com/vuln/354756/cti

reference_id

reference_type

scores

value	4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:29:42Z/

url

https://vuldb.com/vuln/354756/cti

reference_url

https://github.com/advisories/GHSA-9m2v-hc5g-5jpv

reference_id

GHSA-9m2v-hc5g-5jpv

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9m2v-hc5g-5jpv

reference_url

https://github.com/krayin/laravel-crm/

reference_id

laravel-crm

reference_type

scores

value	4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

value	5.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T18:29:42Z/

url

https://github.com/krayin/laravel-crm/

fixed_packages

aliases

CVE-2026-5370, GHSA-9m2v-hc5g-5jpv

risk_score

2.3

exploitability

0.5

weighted_severity

4.6

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-4qqp-bktd-sbbd

url

VCID-5r6d-akm8-1ye9

vulnerability_id

VCID-5r6d-akm8-1ye9

summary

Webkul Krayin CRM has Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php
A Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any contact owned by other users via supplying a crafted GET request.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-38532

reference_id

reference_type

scores

value	0.00038
scoring_system	epss
scoring_elements	0.11834
published_at	2026-06-06T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11719
published_at	2026-06-08T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11801
published_at	2026-06-07T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.1184
published_at	2026-06-05T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11731
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-38532

reference_url

https://github.com/krayin/laravel-crm

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AC:L/AV:N/A:N/C:H/I:H/PR:L/S:U/UI:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T17:27:53Z/

url

https://github.com/krayin/laravel-crm

reference_url

https://github.com/TREXNEGRO/Security-Advisories/tree/main/CVE-2026-38532

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AC:L/AV:N/A:N/C:H/I:H/PR:L/S:U/UI:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T17:27:53Z/

url

https://github.com/TREXNEGRO/Security-Advisories/tree/main/CVE-2026-38532

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-38532

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-38532

reference_url

https://github.com/advisories/GHSA-2xx8-j85v-j7wh

reference_id

GHSA-2xx8-j85v-j7wh

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2xx8-j85v-j7wh

fixed_packages

aliases

CVE-2026-38532, GHSA-2xx8-j85v-j7wh

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-5r6d-akm8-1ye9

url

VCID-dz8z-6bjh-e3cn

vulnerability_id

VCID-dz8z-6bjh-e3cn

summary

Webkul Krayin CRM has Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php
A Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily reset user passwords and perform a full account takeover via supplying a crafted HTTP request.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-38529

reference_id

reference_type

scores

value	0.00064
scoring_system	epss
scoring_elements	0.20058
published_at	2026-06-07T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.20097
published_at	2026-06-06T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.20008
published_at	2026-06-09T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19991
published_at	2026-06-08T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.20102
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-38529

reference_url

https://github.com/krayin/laravel-crm

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T17:31:09Z/

url

https://github.com/krayin/laravel-crm

reference_url

https://github.com/TREXNEGRO/Security-Advisories/tree/main/CVE-2026-38529

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T17:31:09Z/

url

https://github.com/TREXNEGRO/Security-Advisories/tree/main/CVE-2026-38529

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-38529

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-38529

reference_url

https://github.com/advisories/GHSA-r8rp-5f55-5j9x

reference_id

GHSA-r8rp-5f55-5j9x

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r8rp-5f55-5j9x

fixed_packages

aliases

CVE-2026-38529, GHSA-r8rp-5f55-5j9x

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-dz8z-6bjh-e3cn

url

VCID-srhn-supa-z3bn

vulnerability_id

VCID-srhn-supa-z3bn

summary

Webkul Krayin CRM has Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php
A Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any lead owned by other users via supplying a crafted GET request.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-38530

reference_id

reference_type

scores

value	0.00038
scoring_system	epss
scoring_elements	0.11834
published_at	2026-06-06T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11719
published_at	2026-06-08T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11801
published_at	2026-06-07T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.1184
published_at	2026-06-05T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11731
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-38530

reference_url

https://github.com/krayin/laravel-crm

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AC:L/AV:N/A:N/C:H/I:H/PR:L/S:U/UI:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T17:28:44Z/

url

https://github.com/krayin/laravel-crm

reference_url

https://github.com/TREXNEGRO/Security-Advisories/tree/main/CVE-2026-38530

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AC:L/AV:N/A:N/C:H/I:H/PR:L/S:U/UI:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-14T17:28:44Z/

url

https://github.com/TREXNEGRO/Security-Advisories/tree/main/CVE-2026-38530

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-38530

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-38530

reference_url

https://github.com/advisories/GHSA-rm5f-3c25-p4cw

reference_id

GHSA-rm5f-3c25-p4cw

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rm5f-3c25-p4cw

fixed_packages

aliases

CVE-2026-38530, GHSA-rm5f-3c25-p4cw

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-srhn-supa-z3bn

url VCID-zfmq-rpck-7kc5

vulnerability_id VCID-zfmq-rpck-7kc5

summary

Krayin CRM vulnerable to Cross Site Scripting (XSS) via the organization name
Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in `/admin/contacts/organizations/edit/2`.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-45932

reference_id

reference_type

scores

value	0.00053
scoring_system	epss
scoring_elements	0.16871
published_at	2026-06-07T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16808
published_at	2026-06-09T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.1679
published_at	2026-06-08T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16913
published_at	2026-06-05T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16908
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-45932

reference_url

https://github.com/krayin/laravel-crm

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	4.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/krayin/laravel-crm

reference_url

https://krayincrm.com

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	4.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://krayincrm.com

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-45932

reference_id

CVE-2024-45932

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	4.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-45932

reference_url

https://github.com/AslamMahi/CVE-Aslam-Mahi/blob/main/Laravel%20CRM%20v1.3.0/CVE-2024-45932.md

reference_id

CVE-2024-45932.MD

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	4.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T17:00:52Z/

url

https://github.com/AslamMahi/CVE-Aslam-Mahi/blob/main/Laravel%20CRM%20v1.3.0/CVE-2024-45932.md

reference_url

https://github.com/advisories/GHSA-74q2-6jp4-3rqq

reference_id

GHSA-74q2-6jp4-3rqq

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-74q2-6jp4-3rqq

reference_url

http://TobeReleased.com

reference_id

TobeReleased.com

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T17:00:52Z/

url

http://TobeReleased.com

fixed_packages

url pkg:composer/krayin/laravel-crm@2.0.0-BETA-1

purl pkg:composer/krayin/laravel-crm@2.0.0-BETA-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4nkc-sk55-4kh6

vulnerability	VCID-4qqp-bktd-sbbd

vulnerability	VCID-5r6d-akm8-1ye9

vulnerability	VCID-dz8z-6bjh-e3cn

vulnerability	VCID-srhn-supa-z3bn

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/krayin/laravel-crm@2.0.0-BETA-1

aliases CVE-2024-45932, GHSA-74q2-6jp4-3rqq

risk_score 3.2

exploitability 0.5

weighted_severity 6.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zfmq-rpck-7kc5

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/krayin/laravel-crm@1.3.0

Package Instance