CVE-2026-40581

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the family record deletion endpoint SelectDelete.php performs permanent, irreversible deletion of family records and all associated data via a plain GET request with no CSRF token validation. An attacker can craft a...

EUVD-2026-23620

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the family record deletion endpoint SelectDelete.php performs permanent, irreversible deletion of family records and all associated data via a plain GET request with no CSRF token validation. An attacker can craft a...

CVE-2026-40484 ChurchCRM: Authenticated Remote Code Execution via Unrestricted PHP File Write in Database Restore Function

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backup restore functionality extracts uploaded archive contents and copies files from the Images/ directory into the web-accessible document root using recursiveCopyDirectory, which performs no file...

CVE-2026-40484

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backup restore functionality extracts uploaded archive contents and copies files from the Images/ directory into the web-accessible document root using recursiveCopyDirectory, which performs no file...

CVE-2026-40304

zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the unaccess handler controller/unaccess.go contains a logical error in its ownership guard: when a frontend record has environmentid = NULL the marker for admin-created global frontends, the conditio...

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the operator.write message-tool. An attacker can modify persistent Matrix profile configuration without proper authorization by sending crafted requests throug...

OpenClaw: Matrix profile config persistence was reachable from operator.write message tools

Summary Matrix profile config persistence was reachable from operator.write message tools. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 Impact Gateway operator.write message-tool paths could reach Matrix profile persistence that should have...

Incorrect Authorization

Overview @openclaw/matrix is an OpenClaw Matrix channel plugin Affected versions of this package are vulnerable to Incorrect Authorization via the operator.write message-tool. An attacker can modify persistent Matrix profile configuration without proper authorization by sending crafted requests...

Incorrect Authorization

Overview @openclaw/nostr is an OpenClaw Nostr channel plugin for NIP-04 encrypted DMs Affected versions of this package are vulnerable to Incorrect Authorization through the operator.write configuration. An attacker can modify and persist unauthorized profile configurations by sending crafted HTT...

OpenClaw: Nostr profile mutation routes allowed operator.write config persistence

Summary Nostr profile mutation routes allowed operator.write config persistence. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 Impact Nostr plugin HTTP profile routes could persist profile config through a path that did not require admin...

GHSA-F3H5-H452-VP3J OpenClaw: Nostr profile mutation routes allowed operator.write config persistence

Summary Nostr profile mutation routes allowed operator.write config persistence. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 Impact Nostr plugin HTTP profile routes could persist profile config through a path that did not require admin...

OpenClaw: Memory dreaming config persistence was reachable from operator.write commands

Summary Memory dreaming config persistence was reachable from operator.write commands. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.5 = 2026.4.10 Impact A write-scoped gateway path could toggle persistent memory dreaming settings through /dreamin...

GHSA-5GJC-GRVM-M88J OpenClaw: Memory dreaming config persistence was reachable from operator.write commands

Summary Memory dreaming config persistence was reachable from operator.write commands. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.5 = 2026.4.10 Impact A write-scoped gateway path could toggle persistent memory dreaming settings through /dreamin...

CVE-2026-40304

zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the unaccess handler controller/unaccess.go contains a logical error in its ownership guard: when a frontend record has environmentid = NULL the marker for admin-created global frontends, the conditio...

CVE-2026-40304 zrok's broken ownership check in DELETE /api/v2/unaccess allows non-admin to delete global frontend records

zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the unaccess handler controller/unaccess.go contains a logical error in its ownership guard: when a frontend record has environmentid = NULL the marker for admin-created global frontends, the conditio...

CVE-2026-40304 zrok's broken ownership check in DELETE /api/v2/unaccess allows non-admin to delete global frontend records

zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the unaccess handler controller/unaccess.go contains a logical error in its ownership guard: when a frontend record has environmentid = NULL the marker for admin-created global frontends, the conditio...

CVE-2026-40304

CVE-2026-40304 affects the zrok controller, where the unaccess handler (controller/unaccess.go) uses a faulty ownership guard. If a frontend record has environment_id = NULL (global admin-created frontends), the guard may short-circuit to false, letting a non-admin with a valid global frontend to...

CVE-2026-33569

Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise the device...

CVE-2026-33569 Anviz Products Cleartext Transmission of Sensitive Information

Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise the device...

EUVD-2025-209469

An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authenticated user with view-only privileges for the Threat Intelligence functionality can perform...