Lucene search

10 matches found

CVE
added 2026/04/07 5:33 p.m., 7 views

CVE-2026-39329

CVE-2026-39329 – ChurchCRM SQL injection: Affected: ChurchCRM prior to 7.1.0. Description: Authenticated users with AddEvent privileges can inject SQL via the newEvtTypeCntLst parameter during event type creation. The vulnerability occurs in the ON DUPLICATE KEY UPDATE path where unescaped user ...

CVSS 8.8, AI score 5.9, EPSS 0.00039
Exploits: 0, References: 1, Affected Software: 1
EUVD
added 2026/04/07 5:33 p.m., 0 views

EUVD-2026-19824

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was identified in /EventNames.php in ChurchCRM. Authenticated users with AddEvent privileges can inject SQL via the newEvtTypeCntLst parameter during event type creation. The vulnerable flow reach...

CVSS 8.8, AI score 5.9, EPSS 0.00039
Exploits: 0, References: 1
EUVD
added 2025/12/02 3:30 p.m., 1 views

EUVD-2025-200233

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent' function when copying the user-controlled username input to a fixed-size buffer of 48 bytes without boundary checking. This can lead to memory corruption, resulting in...

CVSS 8.5, AI score 7.8, EPSS 0.002
Exploits: 0, References: 2
OSV
added 2025/12/02 1:15 p.m., 0 views

CVE-2025-11783

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent' function when copying the user-controlled username input to a fixed-size buffer of 48 bytes without boundary checking. This can lead to memory corruption, resulting in...

CVSS 9.8, AI score 6.3, EPSS 0.002
Exploits: 0, References: 1
Cvelist
added 2025/12/02 1:1 p.m., 3 views

CVE-2025-11783 Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent' function when copying the user-controlled username input to a fixed-size buffer of 48 bytes without boundary checking. This can lead to memory corruption, resulting in...

CVSS 8.5, EPSS 0.002
Exploits: 0, References: 1
Vulnrichment
added 2025/12/02 1:1 p.m., 1 views

CVE-2025-11783 Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50

Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The vulnerability is found in the 'AddEvent' function when copying the user-controlled username input to a fixed-size buffer of 48 bytes without boundary checking. This can lead to memory corruption, resulting in...

CVSS 8.5, AI score 7.9, EPSS 0.002
Exploits: 0, References: 1
CVE
added 2025/12/02 1:1 p.m., 4 views

CVE-2025-11783

Circutor SGE-PLC1000/SGE-PLC50 v9.0.2 contains a stack-based buffer overflow in AddEvent() caused by copying the user-controlled username into a fixed 48-byte buffer without boundary checks. This can lead to memory corruption and remote code execution. Public details across sources consistently c...

CVSS 9.8, AI score 7.9, EPSS 0.002
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2025/12/02 12:0 a.m., 2 views

CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 Security Vulnerability

The CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 are both network concentrators from CIRCUTOR, Spain. A security vulnerability exists in CIRCUTOR SGE-PLC1000 and CIRCUTOR SGE-PLC50 version v9.0.2, which stems from the AddEvent function not validating the length of the username input, which cou...

CVSS 9.8, AI score 7.8, EPSS 0.002
Exploits: 0, References: 1
CNNVD
added 2021/10/22 12:0 a.m., 1 views

SeedDMS Cross-Site Scripting Vulnerability

SeedDMS is a free document management system with an easy-to-use web-based user interface. A cross-site scripting vulnerability exists in the AddEvent.php component in SeedDMS version 6.0.7. The vulnerability can be exploited to inject malicious script code via the name and comment parameters...

CVSS 6.1, AI score 5.2, EPSS 0.00328
Exploits: 1, References: 2
CVE
added 2005/12/13 11:0 a.m., 43 views

CVE-2005-4199

MyBB prior to 1.0 is affected by multiple SQL injection vulnerabilities. The public details identify concrete vectors, notably the month parameter in calendar.php (SQLi), and additional parameters in usercp.php, member.php, and showthread/ratethread.php. This is a documented remote, unauthenticat...

CVSS 7.5, AI score 8.5, EPSS 0.01714
Exploits: 0, References: 15, Affected Software: 1