Zero Day Monitor (ZDM)
CVE-2026-38528 · EXPLOITED · CVSS 7.1
n/a · n/a

CVE-2026-38528: Krayin CRM v2.2.x was discovered to contain a SQL injection vulnerability via the rotten_lead parameter at /Lead/LeadDat

Description

Krayin CRM v2.2.x was discovered to contain a SQL injection vulnerability via the rotten_lead parameter at /Lead/LeadDataGrid.php.

Affected Products

Vendor | Product | Versions
n/a | n/a | n/a

References

  • https://github.com/krayin/laravel-crm
  • https://github.com/TREXNEGRO/Security-Advisories/tree/main/CVE-2026-38528

Related News (1 article)

Tier C · VulDB · 5h ago
CVE-2026-38528 | Krayin CRM 2.2.x /Lead/LeadDataGrid.php rotten_lead sql injection
→ No new info (linked only)
CVSS 3.1: 7.1 HIGH
Vector: CVSS:3.1/AC:L/AV:N/A:N/C:H/I:L/PR:L/S:U/UI:N
CISA KEV: ❌ No
Actively exploited: ✅ Yes
Published: Apr 14, 2026
Last enriched: 4h ago (v2)
Trending Score: 46
Source articles: 1
Independent: 1
Info Completeness: 7/14
Missing: epss, cwe, kev, exploit, patch, iocs, mitre_attack

Related CVEs (5)

CRITICAL · CVE-2025-65135 · EXP
CVE-2025-65135: In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin
Trending: 57

HIGH · CVE-2026-38530 · EXP
CVE-2026-38530: A Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.
Trending: 51

HIGH · CVE-2026-38529 · EXP
CVE-2026-38529: A Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allo
Trending: 51

MEDIUM · CVE-2025-65136 · EXP
CVE-2025-65136: In manikandan580 School-management-system 1.0, a reflected XSS vulnerability exists in /studentms/admin/contact-us.php v
Trending: 50

MEDIUM · CVE-2025-65132 · EXP
CVE-2025-65132: alandsilva26 hotel-management-php 1.0 is vulnerable to Cross Site Scripting (XSS) in /public/admin/edit_room.php which a
Trending: 50

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

  • CVE Published: Apr 14, 2026
  • Discovered by ZDM: Apr 14, 2026
  • Updated (severity, activelyExploited): Apr 14, 2026
  • Actively Exploited: Apr 14, 2026

Version History

Current: v2 · Last enriched 4h ago

v2 · Tier C · 4h ago
Updated severity to CRITICAL and marked the vulnerability as actively exploited.
severity, activelyExploited · via VulDB

v1 · 5h ago
Initial creation