15 matches found
CVE-2026-40482
ChurchCRM is an open-source church management system. Versions prior to 7.2.0 have SQL injection in FinancialService::getMemberByScanString via unsanitized $routeAndAccount concatenated into raw SQL. This issue has been fixed in version 7.2.0...
ChurchCRM security vulnerability
ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.2.0 contained security vulnerabilities. These vulnerabilities stemmed from uncleaned inputs in the FinancialService::getMemberByScanString function, which could lead to SQL injection attacks...
EUVD-2026-23593
ChurchCRM is an open-source church management system. Versions prior to 7.2.0 have SQL injection in FinancialService::getMemberByScanString via unsanitized $routeAndAccount concatenated into raw SQL. This issue has been fixed in version 7.2.0...
CVE-2026-40482
ChurchCRM is an open-source church management system. Versions prior to 7.2.0 have SQL injection in FinancialService::getMemberByScanString via unsanitized $routeAndAccount concatenated into raw SQL. This issue has been fixed in version 7.2.0...
PT-2026-33526
ChurchCRM is an open-source church management system. Versions prior to 7.2.0 have SQL injection in FinancialService::getMemberByScanString via unsanitized $routeAndAccount concatenated into raw SQL. This issue has been fixed in version 7.2.0...
PT-2025-41838
Name of the Vulnerable Software and Affected Versions: SAP Financial Service Claims Management (affected versions not specified). Description: An issue in the RFC function ICL_USER_GET_NAME_AND_ADDRESS within SAP Financial Service Claims Management allows for user enumeration and potential disclosure ...
SAP Financial Service Claims Management security vulnerability
SAP Financial Service Claims Management is a financial services web platform from SAP, Germany. A security vulnerability exists in SAP Financial Service Claims Management that stems from a response discrepancy in the ICL_USER_GET_NAME_AND_ADDRESS RFC function, which could lead to user enumeration and...
ThinkApe system suffers from information leakage vulnerability
Scope ®️ is part of Shanghai Yingce Information Technology Co., Ltd, a financial shared service solution provider in China. An unauthorized access vulnerability exists in the ThinkApe system, which can be exploited by attackers to obtain sensitive information...
SQL Injection Vulnerability in Application Security Gateway Financial Business Management of Beijing Xinan Century Technology Co.
hereinafter referred to as Principal Century was founded in August 2001, and is committed to the security realization of traditional Internet, internal network of organizations and mobile network in the fields of communication transmission, transaction process and network resource protection. A S...
Mysterious database exposed personal information of 80 million US households
Word has broken of yet another massive data trove exposed for anyone to see. A research team from vpnMentor discovered an exposed 24GB database hosted on a Microsoft cloud server containing the addresses, income levels, and marital statuses of users within 80 million US households. As we’ve seen...
cpe.vtc.edu.hk XSS vulnerability
Vulnerable URL: http://cpe.vtc.edu.hk/en/programmes/programme-search/1093dealingwithbusinessandpeoplesuccessfullyintheinternetagefinancialserviceprofessionalsmodule2howtomakeyourbusinessmoresuccessfulintheinternetagesfinancialserviceindustry732f2? Details: Description| Value ---|--- Patched:| Yes...
PayPal Inc BB #59 - Persistent Mail Encoding Vulnerability
Document Title: =============== PayPal Inc BB 59 - Persistent Mail Encoding Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=844 PayPal Security UID: CabdfGa Release Date: ============= 2014-09-23 Vulnerability Laboratory ID VL-ID:...
New Phishing attack targets Italian Postal and Financial service again
A phishing attack is a complex combination of technology and psychology. There are numerous ways in which people are being made fools and they can be conned by hitting on unsecured website links. Sophos experts detected this week an intriguing case of phishing against the Italian postal service...
New Phishing attack targets Italian Postal and Financial service again
A phishing attack is a complex combination of technology and psychology. There are numerous ways in which people are being made fools and they can be conned by hitting on unsecured website links. Sophos experts detected this week an intriguing case of phishing against the Italian postal service...
PayPal Mail Encoding Script Insertion
Document Title: =============== PayPal Inc Bug Bounty 61 - Persistent Mail Encoding Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=846 PayPal Security UID: bzbe1he Release Date: ============= 2013-10-16 Vulnerability Laboratory ID VL-ID:...