Lucene search
K

9 matches found

Github Security Blog
Github Security Blog
added 2026/02/25 4:9 p.m.6 views

pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams

Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. Patches This has been fixed in pypdf==6.7.2. Workarounds If users cannot upgrade yet, consider applying the changes from PR 3655...

7.5CVSS5.3AI score0.00346EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/25 2:45 a.m.7 views

CVE-2026-27628

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually...

7.5CVSS5.3AI score0.00346EPSS
Exploits0References5Affected Software1
CNVD
CNVD
added 2026/02/05 12:0 a.m.4 views

ChurchCRM SQL Injection Vulnerability (CNVD-2026-12565)

ChurchCRM is ChurchCRM open source an open source CRM system for churches. A SQL injection vulnerability exists in ChurchCRM versions prior to 6.7.2, which stems from the lack of validation of external input SQL statements in the PerID parameter in the /PaddleNumEditor.php endpoint. An attacker c...

8.8CVSS5.9AI score0.00352EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/31 3:21 p.m.6 views

CVE-2026-24854

ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in endpoint /PaddleNumEditor.php in ChurchCRM prior to version 6.7.2. Any authenticated user, including one with zero assigned permissions, can exploit SQL injection through the PerID parameter. Version 6.7...

8.8CVSS5.9AI score0.00352EPSS
Exploits2References1
NVD
NVD
added 2026/01/30 4:16 p.m.5 views

CVE-2026-24855

ChurchCRM is an open-source church management system. Versions prior to 6.7.2 have a Stored Cross-Site Scripting XSS vulnerability occurs in Create Events in Church Calendar. Users with low privileges can create XSS payloads in the Description field. This payload is stored in the database, and wh...

8.5CVSS0.00209EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/30 3:5 p.m.5 views

CVE-2026-24854 Church CRM has SQL injection in PaddleNumEditor.php

ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in endpoint /PaddleNumEditor.php in ChurchCRM prior to version 6.7.2. Any authenticated user, including one with zero assigned permissions, can exploit SQL injection through the PerID parameter. Version 6.7...

8.8CVSS5.9AI score0.00352EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2024/05/02 12:0 a.m.10 views

PT-2024-25555 · WordPress · Wp Media Cleaner

Name of the Vulnerable Software and Affected Versions: WP Media Cleaner versions through 6.7.2 Description: The issue is related to the insertion of sensitive information into log files. This could potentially expose sensitive data. There is no information provided about the estimated number of...

5.3CVSS6.5AI score0.00447EPSS
Exploits0References6
OSV
OSV
added 2022/01/11 7:15 p.m.4 views

CVE-2021-43052

The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret used in the default realm server of the...

7.5CVSS7.1AI score0.00854EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/01/11 5:0 p.m.2 views

CVE-2021-43052

The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret used in the default realm server of the...

9.3CVSS7.1AI score0.00854EPSS
Exploits0References3
Rows per page
Query Builder