Lucene search
K

15 matches found

Patchstack
Patchstack
added 2026/05/14 4:21 p.m.11 views

WordPress Advanced Access Manager plugin <= 7.1.0 - Bypass Vulnerability vulnerability

Bypass Vulnerability vulnerability discovered by Tiago Ventura @perses in WordPress Plugin Advanced Access Manager versions = 7.1.0...

5.8AI score0.00394EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/07 5:58 p.m.4 views

CVE-2026-39339 ChurchCRM has an API Authentication Bypass

ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical authentication bypass vulnerability in ChurchCRM's API middleware ChurchCRM/Slim/Middleware/AuthMiddleware.php allows unauthenticated attackers to access all protected API endpoints by including "api/public" anywhere...

9.1CVSS5.9AI score0.01351EPSS
Exploits0References1
CVE
CVE
added 2026/04/07 5:32 p.m.11 views

CVE-2026-39328

ChurchCRM before 7.1.0 has a stored XSS in the person profile editing feature. Non-admin users with EditSelf can inject JavaScript into Facebook, LinkedIn, and X profile fields; due to a 50-character limit, payloads span all three fields and chain onfocus handlers to execute when a profile is vie...

8.9CVSS5.9AI score0.00203EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.3 views

PT-2026-30887

ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in PersonView.php due to incorrect use of sanitizeText as an output sanitizer for HTML attribute context. The function only strips HTML tags, it does not escape quote character...

7.6CVSS6AI score0.00168EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.12 views

PT-2026-30967

ChurchCRM is an open-source church management system. Prior to 7.1.0, there is a Reflected Cross-Site Scripting XSS vulnerability on the login page, which is caused by the lack of sanitization or encoding of the username parameter received from the URL. The username parameter value is directly...

8.1CVSS7.2AI score0.00256EPSS
Exploits0References2
NVD
NVD
added 2026/04/06 4:16 p.m.7 views

CVE-2026-34402

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39330. Reason: This candidate is a duplicate of CVE-2026-39330. Notes: All CVE users should reference CVE-2026-39330 instead of this candidate. All references and descriptions in this candidate have been removed to...

0.00021EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/02/02 3:10 p.m.5 views

CVE-2025-15395

IBM Jazz Foundation 7.0.3 through 7.0.3 iFix019 and 7.1.0 through 7.1.0 iFix005 is vulnerable to access control violations that allows the users to view or access/perform actions beyond their expected capability...

4.3CVSS5.3AI score0.00176EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/02/02 3:10 p.m.15 views

CVE-2025-15395

CVE-2025-15395 affects IBM Engineering Lifecycle Management - Jazz Foundation. The vulnerability is an access control violation in Jazz Foundation components: IBM Jazz Foundation 7.0.3 with iFix019 and 7.1.0 with iFix005. Root cause details are not expanded beyond the access-control bypass in the...

5.4CVSS5.3AI score0.00176EPSS
Exploits0References1Affected Software1
Atlassian
Atlassian
added 2025/12/19 3:18 p.m.20 views

XXE (XML External Entity Injection) in Crowd Data Center and Server

This High severity XXE XML External Entity Injection vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This XXE XML External Entity Injection vulnerability, with a CVSS Score of 7.9, allows an authenticated attacker to access local and remote content which has high...

7.9CVSS5.5AI score0.00297EPSS
Exploits0
Fedora
Fedora
added 2025/11/29 5:7 p.m.9 views

[SECURITY] Fedora 42 Update: drupal7-7.103-1.fc42

Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure...

9.8CVSS9AI score0.00956EPSS
Exploits0
Patchstack
Patchstack
added 2025/01/03 6:4 p.m.5 views

WordPress Popular Posts plugin <= 7.1.0 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by mikemyers in WordPress Plugin Popular Posts versions = 7.1.0...

7.3CVSS7.1AI score0.00503EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/09/14 12:0 a.m.5 views

WordPress Plugin Booster for WooCommerce Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.8AI score0.00491EPSS
Exploits0References4
OSV
OSV
added 2020/03/31 3:15 p.m.4 views

CVE-2020-4236

IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow an authenticated user to cause a denial of service due to improper content parsing in the project management module. IBM X-Force ID: 175409...

6.5CVSS6.6AI score0.01383EPSS
Exploits0References2
CNVD
CNVD
added 2018/08/01 12:0 a.m.3 views

McAfee Drive Encryption TPM autoboot authentication bypass vulnerability

McAfee Drive Encryption MDE is a suite of full disk encryption software from the American company McAfee. The software is mainly used to protect data on tablets, laptops and desktop computers with Microsoft Windows to prevent the loss of sensitive data.TPM autoboot is one of the TPM autoboot...

7CVSS6.3AI score0.00242EPSS
Exploits0References1
OSV
OSV
added 2018/07/13 5:29 p.m.5 views

CVE-2018-1255

RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to a...

6.1CVSS5.8AI score0.01304EPSS
Exploits0References2
Rows per page
Query Builder