62 matches found

EUVD
added 4 days ago, 7 views

EUVD-2026-33711

Nextcloud is an open source content collaboration platform. From versions 5.5.13 to before 5.5.17, and 6.2.0 to before 6.2.3, an authenticated user can enumerate users on the same Nextcloud instance by using the Calendar app's endpoint for suggesting attendees. The sharing restrictions, applied t...

CVSS 4.3 | AI score 5.8 | EPSS 0.0003
Exploits: 1 | References: 4

NVD
added 2026/04/09 4:16 p.m., 1 view

CVE-2026-39941

ChurchCRM is an open-source church management system. Prior to 7.1.0, an XSS vulnerability allows attacker-supplied input sent via the EName and EDesc parameters in EditEventAttendees.php to be rendered in a page without proper output encoding, enabling arbitrary JavaScript execution in victims...

CVSS 6.1 | EPSS 0.00051
Exploits: 1 | References: 3

EUVD
added 2026/04/09 3:38 p.m., 0 views

EUVD-2026-20948

ChurchCRM is an open-source church management system. Prior to 7.1.0, an XSS vulnerability allows attacker-supplied input sent via the EName and EDesc parameters in EditEventAttendees.php to be rendered in a page without proper output encoding, enabling arbitrary JavaScript execution in victims...

CVSS 5.3 | AI score 6.1 | EPSS 0.00051
Exploits: 1 | References: 3

CVE
added 2026/04/09 3:38 p.m., 2 views

CVE-2026-39941

ChurchCRM (open-source church management system) has a stored XSS vulnerability up to version 7.0.x, where attacker-supplied input in EditEventAttendees.php (EName and EDesc) is rendered without proper output encoding, allowing arbitrary JavaScript execution in victims’ browsers. The issue is fix...

CVSS 6.1 | AI score 6.1 | EPSS 0.00051
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2026/04/09 3:38 p.m., 19 views

CVE-2026-39941 ChurchCRM has an XSS vulnerability

ChurchCRM is an open-source church management system. Prior to 7.1.0, an XSS vulnerability allows attacker-supplied input sent via the EName and EDesc parameters in EditEventAttendees.php to be rendered in a page without proper output encoding, enabling arbitrary JavaScript execution in victims...

CVSS 5.3 | EPSS 0.00051
Exploits: 1 | References: 3

ATTACKERKB
added 2026/04/09 3:38 p.m., 3 views

CVE-2026-39941

ChurchCRM is an open-source church management system. Prior to 7.1.0, an XSS vulnerability allows attacker-supplied input sent via the EName and EDesc parameters in EditEventAttendees.php to be rendered in a page without proper output encoding, enabling arbitrary JavaScript execution in victims...

CVSS 5.3 | AI score 6.1 | EPSS 0.00051
Exploits: 1 | References: 4 | Affected Software: 1

CNNVD
added 2026/04/09 12:00 a.m., 2 views

ChurchCRM Security Vulnerability

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 contained security vulnerabilities. These vulnerabilities stemmed from improper encoding of the EName and EDesc parameters in the EditEventAttendees.php file, which could lead to cross-site scripti...

CVSS 6.1 | AI score 5.6 | EPSS 0.00051
Exploits: 1 | References: 4

RedhatCVE
added 2026/03/26 3:11 p.m., 1 view

CVE-2026-32851

MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the Attendees parameter in...

CVSS 5.1 | AI score 6 | EPSS 0.00026
Exploits: 1 | References: 1

CNVD
added 2026/03/26 12:00 a.m., 3 views

MailEnable Attendees Parameter Cross-Site Scripting Vulnerability

MailEnable is a Windows-based business email server. A cross-site scripting vulnerability exists in the MailEnable Attendees parameter, which stems from improper cleanup of the Attendees parameter in the FreeBusy.aspx form in the Webmail interface, and can be exploited by an attacker to execute...

CVSS 6.1 | AI score 5.9 | EPSS 0.00026
Exploits: 1

EUVD
added 2026/03/23 9:30 p.m., 2 views

EUVD-2026-14520

MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the Attendees parameter in...

CVSS 5.1 | AI score 6 | EPSS 0.00026
Exploits: 1 | References: 6

NVD
added 2026/03/23 8:16 p.m., 2 views

CVE-2026-32851

MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the StartDate parameter in...

CVSS 6.1 | EPSS 0.00026
Exploits: 1 | References: 5

Cvelist
added 2026/03/23 7:06 p.m., 21 views

CVE-2026-32851 MailEnable < 10.55 Reflected XSS via FreeBusy.aspx StartDate Parameter

MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the StartDate parameter in...

CVSS 5.1 | EPSS 0.00026
Exploits: 1 | References: 5

ATTACKERKB
added 2026/03/23 7:06 p.m., 1 view

CVE-2026-32851

MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the StartDate parameter in...

CVSS 6.1 | AI score 6 | EPSS 0.00026
Exploits: 1 | References: 7

CVE
added 2026/03/23 7:06 p.m., 5 views

CVE-2026-32851

MailEnable versions prior to 10.55 contain a reflected XSS in the webmail FreeBusy.aspx Attendees parameter. The Attendees value is embedded into dynamically generated JavaScript without proper sanitization, allowing an attacker to craft a URL that executes arbitrary JavaScript in a victim’s brow...

CVSS 6.1 | AI score 6 | EPSS 0.00026
Exploits: 1 | References: 5 | Affected Software: 1

Vulnrichment
added 2026/03/23 7:06 p.m., 2 views

CVE-2026-32851 MailEnable < 10.55 Reflected XSS via FreeBusy.aspx StartDate Parameter

MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by crafting a malicious URL. Attackers can inject malicious code through the StartDate parameter in...

CVSS 5.1 | AI score 6 | EPSS 0.00026
Exploits: 1 | References: 5

Positive Technologies
added 2026/03/23 12:00 a.m., 2 views

PT-2026-27180

Name of the Vulnerable Software and Affected Versions: MailEnable versions prior to 10.55. Description: The software contains a reflected cross-site scripting issue in the webmail interface. This allows remote attackers to execute arbitrary JavaScript in a victim’s browser by using a malicious URL...

CVSS 6.1 | AI score 6 | EPSS 0.00026
Exploits: 1 | References: 8

CNNVD
added 2026/03/23 12:00 a.m., 2 views

MailEnable Cross-Site Scripting Vulnerability

MailEnable is a Windows-based business email server. A cross-site scripting vulnerability exists in the MailEnable Attendees parameter, which stems from improper cleanup of the Attendees parameter in the FreeBusy.aspx form in the Webmail interface, and can be exploited by an attacker to execute...

CVSS 6.1 | AI score 5.9 | EPSS 0.00026
Exploits: 1 | References: 5

Cvelist
added 2025/12/17 9:38 p.m., 10 views

CVE-2025-68112 ChurchCRM has SQL injection in EditEventAttendees.php

ChurchCRM is an open-source church management system. In versions prior to 6.5.3, a SQL injection vulnerability in ChurchCRM's Event Attendee Editor allows authenticated users to execute arbitrary SQL commands, leading to complete database compromise, administrative credential theft, and potentia...

CVSS 9.6 | EPSS 0.00043
Exploits: 1 | References: 1

Vulnrichment
added 2025/12/17 9:38 p.m., 1 view

CVE-2025-68112 ChurchCRM has SQL injection in EditEventAttendees.php

ChurchCRM is an open-source church management system. In versions prior to 6.5.3, a SQL injection vulnerability in ChurchCRM's Event Attendee Editor allows authenticated users to execute arbitrary SQL commands, leading to complete database compromise, administrative credential theft, and potentia...

CVSS 9.6 | AI score 7.7 | EPSS 0.00043
Exploits: 1 | References: 1

CVE
added 2025/12/17 9:38 p.m., 7 views

CVE-2025-68112

ChurchCRM (open-source church management system) has a SQL injection vulnerability in the Event Attendee Editor (and Event Participant Editor) affecting versions prior to 6.5.3. The issue allows authenticated users to submit arbitrary SQL, enabling complete database compromise, extraction of sens...

CVSS 9.6 | AI score 7.7 | EPSS 0.00043
Exploits: 1 | References: 1 | Affected Software: 1