Known Vulnerabilities for products from Webkul
Listed below are 19 of the newest known vulnerabilities associated with the vendor "Webkul".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-38532 | | Not Provided | 2026-04-14 | 2026-04-14 |
| CVE-2026-38530 | A Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x a... | Not Provided | 2026-04-14 | 2026-04-23 |
| CVE-2026-38529 | A Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows au... | Not Provided | 2026-04-14 | 2026-04-23 |
| CVE-2026-38527 | | Not Provided | 2026-04-14 | 2026-04-14 |
| CVE-2026-38526 | | Not Provided | 2026-04-14 | 2026-04-14 |
| CVE-2026-36341 | | Not Provided | 2026-05-07 | 2026-05-07 |
| CVE-2026-5370 | | Not Provided | 2026-04-02 | 2026-04-03 |
| CVE-2025-29009 | | Not Provided | 2025-07-16 | 2026-04-23 |
| CVE-2025-6173 | A vulnerability classified as critical was found in Webkul QloApps 1.6.1. Affected by this vulnerability is an unknown functi... | Not Provided | 2025-06-17 | 2026-04-29 |
| CVE-2023-51210 | | 9.8 - CRITICAL | 2024-01-23 | 2024-01-29 |
| CVE-2023-39147 | An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafted ima... | 7.8 - HIGH | 2023-08-01 | 2023-08-04 |
| CVE-2023-37636 | A stored cross-site scripting (XSS) vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary w... | 5.4 - MEDIUM | 2023-10-23 | 2023-10-30 |
| CVE-2023-36289 | An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user... | 6.1 - MEDIUM | 2023-06-23 | 2023-06-29 |
| CVE-2023-36288 | An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user... | 5.4 - MEDIUM | 2023-06-23 | 2023-06-29 |
| CVE-2023-36287 | An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user... | 6.1 - MEDIUM | 2023-06-23 | 2023-06-29 |
| CVE-2023-36284 | An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_produc... | 7.5 - HIGH | 2023-06-23 | 2023-06-30 |
| CVE-2023-36235 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.5 - MEDIUM | 2024-01-17 | 2024-01-24 |
| CVE-2023-33570 | Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI). | 8.8 - HIGH | 2023-06-28 | 2023-07-10 |
| CVE-2023-30256 | Cross Site Scripting vulnerability found in Webkul QloApps v.1.5.2 allows a remote attacker to obtain sensitive information v... | 6.1 - MEDIUM | 2023-05-11 | 2023-05-24 |
| CVE-2023-2925 | A vulnerability, which was classified as problematic, was found in Webkul krayin crm 1.2.4. This affects an unknown part of t... | 5.4 - MEDIUM | 2023-05-27 | 2023-11-07 |
Known software with vulnerabilities from Webkul
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Webkul | Bagisto | 0.1.0 |