8 matches found

NVD
added 2025/12/17 10:16 p.m. · 5 views

CVE-2025-68110

ChurchCRM is an open-source church management system. Versions prior to 6.5.3 may disclose database information in an error message, including the host, IP, username, and password. Version 6.5.3 fixes the issue...

CVSS 9.9 · EPSS 0.00355
Exploits: 1 · References: 1
CVE
added 2025/12/17 9:35 p.m. · 12 views

CVE-2025-68111

ChurchCRM is affected by a SQL injection in the eGive.php file (ReImport) for versions prior to 6.5.3. An authenticated user with finance privileges can manipulate the MissingEgive_FamID_... POST parameter to execute arbitrary SQL, leading to unauthorized data access, modification, or deletion wi...

CVSS 7.2 · AI score 7.7 · EPSS 0.00315
Exploits: 1 · References: 1 · Affected Software: 1
EUVD
added 2025/12/17 9:25 p.m. · 4 views

EUVD-2025-203991

ChurchCRM is an open-source church management system. Versions prior to 6.5.3 have a SQL injection vulnerability in the src/CartToFamily.php file, specifically in how the PersonAddress POST parameter is handled. Unlike other parameters in the same file which are correctly cast to integers using t...

CVSS 8.7 · AI score 7.5 · EPSS 0.00314
Exploits: 1 · References: 1
CVE
added 2025/12/17 7:10 p.m. · 14 views

CVE-2025-66396

ChurchCRM exposes a SQL injection in src/UserEditor.php affecting versions prior to 6.5.3. The vulnerability arises when an administrator saves user configuration settings: the code iterates over the POST type parameter array, uses the array key (expected numeric id) directly in SELECT/UPDATE que...

CVSS 7.2 · AI score 8 · EPSS 0.00346
Exploits: 1 · References: 1 · Affected Software: 1
CNNVD
added 2025/12/17 12:00 a.m. · 4 views

ChurchCRM SQL injection vulnerability

ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that originates from the unvalidated familyId parameter in legacy endpoints/Reports/ConfirmReportEmail.php, and no details of the vulnerability are provided at this time...

CVSS 9.3 · AI score 5.8 · EPSS 0.00323
Exploits: 3 · References: 2
CNNVD
added 2025/12/17 12:00 a.m. · 5 views

ChurchCRM security vulnerability

ChurchCRM is an open source church management system. ChurchCRM suffers from an information disclosure vulnerability that originates from the disclosure of database information in an error message, which can be exploited by an attacker to cause the disclosure of database information, including...

CVSS 9.9 · AI score 5.8 · EPSS 0.00355
Exploits: 1 · References: 2
OSV
added 2023/11/17 5:15 a.m. · 2 views

CVE-2023-47675

CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command...

CVSS 7.2 · AI score 7.5 · EPSS 0.00981
Exploits: 0 · References: 2
Positive Technologies
added 2023/09/09 12:00 a.m. · 2 views

PT-2023-9370 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.5.3

Description: The issue is related to a use-after-free bug in the Linux kernel. This bug occurs because the original code puts flush work before timer shutdown sync in switch drv remove, allowing the worker...

CVSS 9.8 · AI score 6.7 · EPSS 0.02701
Exploits: 7 · References: 989