CVE-2026-10283
6.3 MEDIUMA vulnerability was detected in Bottelet DaybydayCRM up to 2.2.1
Published: 2026-06-01 · Last updated: 2026-06-02
Severity and scoring
- CVSS
- 6.3 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
- CWE
- CWE-287, CWE-306
Description
A vulnerability was detected in Bottelet DaybydayCRM up to 2.2.1. Affected is an unknown function of the component Setting Handler. Performing a manipulation results in missing authentication. Remote exploitation of the attack is possible. It is recommended to apply a patch to fix this issue.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-10283
- [Other]https://github.com/Bottelet/DaybydayCRM/
- [Other]https://github.com/Bottelet/DaybydayCRM/issues/348
- [Other]https://github.com/Bottelet/DaybydayCRM/pull/363
- [Other]https://vuldb.com/cve/CVE-2026-10283
- [Other]https://vuldb.com/submit/825442
- [Other]https://vuldb.com/submit/825443
- [Other]https://vuldb.com/vuln/367576
- [Other]https://vuldb.com/vuln/367576/cti
Related CVEs
Same CWE
- CVE-2026-12183 — Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerabili... (9.8 CRITICAL)
- CVE-2026-53868 — Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses ... (7.5 HIGH)
- CVE-2026-50287 — AgenticMail gives AI agents real email addresses and phone numbers
- CVE-2026-53981 — Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary ... (7.6 HIGH)
- CVE-2026-50085 — The Aqara Board service (op-test.aqara.com) accepts arbitrary MQTT command payloads, and forwards them to the platfom's HiveMQ broker wit... (8.6 HIGH)