4 matches found
CVE-2026-26059
ChurchCRM is an open-source church management system. In versions prior to 6.8.2, it was possible for an authenticated user with permission to edit groups to store a JavaScript payload that would execute when the group was viewed in the Group View. Version 6.8.2 fixes this issue...
CVE-2025-48076
Galette (open-source membership management app) contains a cross-site scripting (XSS) vulnerability in versions 1.1.5.2 and earlier, arising from the ability to edit a group name and insert an XSS payload. The issue is resolved in version 1.2.0. No exploitation details are provided beyond the XSS...
CVE-2025-5459
A user with specific node group editing permissions could use a specially crafted class parameter to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has been resolved in versions 2023.8.4 and 2025.4.0...
Puppet Enterprise Administration Module security vulnerability
Puppet Enterprise Administration Module (PEADM) is an open source Puppet module from Puppet that defines the Bolt program. It is used to automate Puppet Enterprise deployments. A security vulnerability exists in the Puppet Enterprise Administration Module versions 2018.1.8 through 2023.8.3 and...