13 matches found

NVD · added 2026/04/18 12:16 a.m. · 3 views

CVE-2026-40582

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the /api/public/user/login endpoint validates only the username and password before returning the user's API key, bypassing the normal authentication flow that enforces account lockout and two-factor authentication...

CVSS 9.1 · EPSS 0.00502 · Exploits 0 · References 3
Cvelist · added 2026/04/17 11:07 p.m. · 34 views

CVE-2026-40480 ChurchCRM has Missing Object-Level Authorization / IDOR in `/api/person/{personId}`

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the GET /api/person/{personId} endpoint loads and returns person records without performing object-level authorization checks. Although the legacy PersonView.php page enforces canEditPerson restrictions, the API layer...

CVSS 7.1 · EPSS 0.00336 · Exploits 0 · References 4
CNNVD · added 2025/12/22 12:00 a.m. · 4 views

Keyfactor SignServer Security Vulnerability

Keyfactor SignServer is a digital signature engine from Keyfactor USA. A security vulnerability exists in Keyfactor SignServer versions prior to 7.2, which stems from an error in the container startup logic and could result in a reset configuration to allowany...

CVSS 4.7 · AI score 6.6 · EPSS 0.0013 · Exploits 0 · References 3
OSV · added 2025/10/21 12:00 a.m. · 3 views

UBUNTU-CVE-2025-62168

Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to...

CVSS 10 · AI score 5.8 · EPSS 0.6332 · Exploits 1 · References 6
NVD · added 2025/08/21 3:15 p.m. · 7 views

CVE-2025-53251

Unrestricted Upload of File with Dangerous Type vulnerability in An-Themes Pin WP (pin-wp) allows Upload a Web Shell to a Web Server. This issue affects Pin WP: from n/a through 7.2...

CVSS 9.9 · EPSS 0.00307 · Exploits 0 · References 1
CVE · added 2025/08/21 2:43 p.m. · 25 views

CVE-2025-53251

CVE-2025-53251 pertains to WordPress Pin WP theme versions earlier than 7.2, where an Unrestricted Upload of File with Dangerous Type enables uploading a web shell to the web server. The issue affects Pin WP

CVSS 9.9 · AI score 5.9 · EPSS 0.00307 · Exploits 0 · References 1
OSV · added 2024/10/07 8:15 p.m. · 3 views

UBUNTU-CVE-2024-31227

Redis is an open source, in-memory database that persists on disk. An authenticated user with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users...

CVSS 4.4 · AI score 6.1 · EPSS 0.00397 · Exploits 0 · References 4
Positive Technologies · added 2023/10/10 12:00 a.m. · 6 views

PT-2023-5994 · Fortinet · Fortimanager +1

Name of the Vulnerable Software and Affected Versions: Fortinet FortiManager versions 7.4.0 and before 7.2.3; Fortinet FortiAnalyzer versions 7.4.0 and before 7.2.3
Description: The issue is related to the implementation of client-side security features. It may allow a remote attacker with low...

CVSS 6.8 · AI score 7.1 · EPSS 0.01372 · Exploits 1 · References 6
Positive Technologies · added 2022/12/14 12:00 a.m. · 6 views

PT-2022-20714 · Proxmox · Proxmox Virtual Environment

Name of the Vulnerable Software and Affected Versions: Proxmox Virtual Environment versions prior to 7.2-3
Description: A reflected cross-site scripting (XSS) issue allows remote attackers to execute arbitrary web scripts or HTML via non-existent endpoints under the path "/api2/html/". This enables...

CVSS 9 · AI score 8.2 · EPSS 0.01273 · Exploits 1 · References 8
ATTACKERKB · added 2022/09/06 4:15 p.m. · 10 views

CVE-2022-26114

An improper neutralization of input during web page generation vulnerability (CWE-79) in the Webmail of FortiMail before 7.2.0 may allow an unauthenticated attacker to trigger a cross-site scripting (XSS) attack via sending specially crafted mail messages...

CVSS 6.1 · AI score 5.8 · EPSS 0.00388 · Exploits 0 · References 2 · Affected Software 1
OSV · added 2016/04/22 10:59 a.m. · 5 views

CVE-2016-1595

LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language (HQL) injection attacks and obtain sensitive information via the entityName parameter...

CVSS 6.5 · AI score 5.8 · EPSS 0.06606 · Exploits 3 · References 5
CNVD · added 2016/01/06 12:00 a.m. · 5 views

IBM Security QRadar SIEM Cross-Site Scripting Vulnerability

IBM Security QRadar SIEM is an IBM USA solution that consolidates log-sourced event data from thousands of devices and applications dispersed throughout the network. The solution stores each event in its raw form and then performs instant correlation of events to differentiate between actual...

CVSS 5.4 · AI score 5.9 · EPSS 0.00622 · Exploits 0 · References 1
RedHat Linux · added 2014/02/10 5:29 p.m. · 7 views

gc: malloc() and calloc() overflows

Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc functions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page function in mallocx.c in Boehm-Demers-Weiser GC (libgc) before 7.2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows...

CVSS 5 · AI score 5.9 · EPSS 0.02766 · Exploits 1 · References 4