9 matches found
pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams
Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. Patches This has been fixed in pypdf==6.7.2. Workarounds If users cannot upgrade yet, consider applying the changes from PR 3655...
CVE-2026-27628
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually...
ChurchCRM SQL Injection Vulnerability (CNVD-2026-12565)
ChurchCRM is ChurchCRM open source an open source CRM system for churches. A SQL injection vulnerability exists in ChurchCRM versions prior to 6.7.2, which stems from the lack of validation of external input SQL statements in the PerID parameter in the /PaddleNumEditor.php endpoint. An attacker c...
CVE-2026-24854
ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in endpoint /PaddleNumEditor.php in ChurchCRM prior to version 6.7.2. Any authenticated user, including one with zero assigned permissions, can exploit SQL injection through the PerID parameter. Version 6.7...
CVE-2026-24855
ChurchCRM is an open-source church management system. Versions prior to 6.7.2 have a Stored Cross-Site Scripting XSS vulnerability occurs in Create Events in Church Calendar. Users with low privileges can create XSS payloads in the Description field. This payload is stored in the database, and wh...
CVE-2026-24854 Church CRM has SQL injection in PaddleNumEditor.php
ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in endpoint /PaddleNumEditor.php in ChurchCRM prior to version 6.7.2. Any authenticated user, including one with zero assigned permissions, can exploit SQL injection through the PerID parameter. Version 6.7...
PT-2024-25555 · WordPress · Wp Media Cleaner
Name of the Vulnerable Software and Affected Versions: WP Media Cleaner versions through 6.7.2 Description: The issue is related to the insertion of sensitive information into log files. This could potentially expose sensitive data. There is no information provided about the estimated number of...
CVE-2021-43052
The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret used in the default realm server of the...
CVE-2021-43052
The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret used in the default realm server of the...