Known Vulnerabilities for products from Webkul
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Webkul".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-38532 json | A Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php endpoint of Webkul Krayin CRM v2.2.x ... | Not Provided | 2026-04-14 | 2026-04-23 |
| CVE-2026-38530 json | A Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x a... | Not Provided | 2026-04-14 | 2026-04-23 |
| CVE-2026-38529 json | A Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows au... | Not Provided | 2026-04-14 | 2026-04-23 |
| CVE-2026-36341 json | Not Provided | 2026-05-07 | 2026-05-07 | |
| CVE-2025-29009 json | Not Provided | 2025-07-16 | 2026-04-23 | |
| CVE-2025-6173 json | A vulnerability classified as critical was found in Webkul QloApps 1.6.1. Affected by this vulnerability is an unknown functi... | Not Provided | 2025-06-17 | 2026-04-29 |
| CVE-2024-45932 json | Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organization... | Not Provided | 2024-10-07 | 2026-07-05 |
| CVE-2023-51210 json | 9.8 - CRITICAL | 2024-01-23 | 2024-01-29 | |
| CVE-2023-39147 json | An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafted ima... | 7.8 - HIGH | 2023-08-01 | 2023-08-04 |
| CVE-2023-37636 json | A stored cross-site scripting (XSS) vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary w... | 5.4 - MEDIUM | 2023-10-23 | 2023-10-30 |
| CVE-2023-36289 json | An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user... | 6.1 - MEDIUM | 2023-06-23 | 2023-06-29 |
| CVE-2023-36288 json | An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user... | 5.4 - MEDIUM | 2023-06-23 | 2023-06-29 |
| CVE-2023-36287 json | An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user... | 6.1 - MEDIUM | 2023-06-23 | 2023-06-29 |
| CVE-2023-36284 json | An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_produc... | 7.5 - HIGH | 2023-06-23 | 2023-06-30 |
| CVE-2023-36235 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.5 - MEDIUM | 2024-01-17 | 2024-01-24 |
| CVE-2023-33570 json | Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI). | 8.8 - HIGH | 2023-06-28 | 2023-07-10 |
| CVE-2023-30256 json | Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive information v... | 6.1 - MEDIUM | 2023-05-11 | 2023-05-24 |
| CVE-2023-2925 json | A vulnerability, which was classified as problematic, was found in Webkul krayin crm 1.2.4. This affects an unknown part of t... | 5.4 - MEDIUM | 2023-05-27 | 2023-11-07 |
| CVE-2021-41924 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2022-06-21 | 2022-06-28 |
| CVE-2019-16403 json | In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders... | 8.8 - HIGH | 2019-09-18 | 2020-08-24 |
Known software with vulnerabilities from Webkul
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Webkul | Bagisto | 0.1.0 |