CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/04/07 6:5 p.m.•4 views

CVE-2026-39319 ChurchCRM has a Second Order SQLI via FundRaiserEditor.php

ChurchCRM is an open-source church management system. Prior to 7.1.0, a second order SQL injection vulnerability was found in the endpoint /FundRaiserEditor.php in ChurchCRM. A user has to be authenticated but doesn't need any privileges. These users can inject arbitrary SQL statements through th...

8.8CVSS6AI score0.00244EPSS

Exploits0References1

RedhatCVE•added 2026/04/06 5:0 p.m.•3 views

CVE-2026-5471

A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on Android. Impacted is an unknown function of the file assets/google-services-desktop.json of the component app.investory.toyfactory. The manipulation of the argument currentkey results in use of hard-coded cryptographi...

RedHat Linux•added 2026/04/06 4:24 p.m.•2 views

Exploits0References1

kernel: svcrdma: use rc_pageoff for memcpy byte offset

In the Linux kernel, the following vulnerability has been resolved: svcrdma: use rcpageoff for memcpy byte offset svcrdmacopyinlinerange added rccurpage page index to the page base instead of the byte offset rcpageoff. Use rcpageoff so copies land within the current page. Found by ZeroPath...

5.9AI score0.00166EPSS

OpenVAS•added 2026/04/06 12:0 a.m.•3 views

Slackware: Security Advisory (SSA:2026-093-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS7.1AI score0.02421EPSS

Exploits3References2

CVE•added 2026/04/05 2:30 p.m.•10 views

CVE-2026-5573

Affects Technostrobe HI-LED-WR120-G2 (firmware 5.5.0.1R6.03.30). The CVE describes a flaw in an unknown function of the file /fs where manipulation of the argument cwd can lead to an unrestricted upload. The attack is described as remotely launchable with a publicly available exploit. The vendor ...

9.8CVSS6.7AI score0.0052EPSS

Exploits1References4Affected Software1

CNNVD•added 2026/04/05 12:0 a.m.•6 views

Technostrobe HI-LED-WR120-G2 代码问题漏洞

Technostrobe HI-LED-WR120-G2 is a high-brightness industrial strobe lighting device from the Canadian company Technostrobe. The version 5.5.0.1R6.03.30 of Technostrobe HI-LED-WR120-G2 contains a code vulnerability. This vulnerability stems from incorrect handling of the cwd parameter in the file...

9.8CVSS7.3AI score0.0052EPSS

Exploits1References5

vulnersOsv•added 2026/04/03 9:42 p.m.•3 views

current-impact (=1.0.0), nmea-streamer (>=1.0.1 <=2.2.0) potentially affected by CVE-2026-33951 via signalk-server (=1.46.3)

signalk-server NPM version =1.46.3 is affected by a known vulnerability. The following packages have a transitive dependency on signalk-server and may be impacted: - current-impact =1.0.0 - nmea-streamer =1.0.1, =2.2.0 Source cves: CVE-2026-33951 Source advisory: OSV:GHSA-GFMV-VH34-H2X5...

7.5CVSS5.8AI score0.0031EPSS

Exploits0

vulnersOsv•added 2026/04/03 9:37 p.m.•3 views

current-impact (=1.0.0), nmea-streamer (>=1.0.1 <=2.2.0) potentially affected by CVE-2026-33950 via signalk-server (=1.46.3)

9.4CVSS5.8AI score0.00418EPSS

Exploits1

EUVD•added 2026/04/03 9:31 p.m.•0 views

EUVD-2026-18825

prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized users to access sensitive data associated with private prompts. Attackers can exploit these missing...

8.7CVSS5.9AI score0.00279EPSS

EUVD•added 2026/04/03 6:31 p.m.•2 views

EUVD-2026-18799

NVD•added 2026/04/03 4:16 p.m.•2 views

CVE-2026-5471

4.8CVSS0.00141EPSS

Cvelist•added 2026/04/03 3:45 p.m.•21 views

CVE-2026-5471 Investory Toy Planet Trouble App app.investory.toyfactory google-services-desktop.json hard-coded key

4.8CVSS0.00141EPSS

CVE•added 2026/04/03 3:45 p.m.•5 views

CVE-2026-5471

Investory Toy Planet Trouble App (Android) up to v1.5.5 is affected by CVE-2026-5471 in the component app.investory.toyfactory, specifically the file assets/google-services-desktop.json. The issue arises from manipulation of the argument current_key, leading to the use of a hard-coded cryptograph...

vulnersOsv•added 2026/04/03 4:4 a.m.•3 views

current-impact (=1.0.0), nmea-streamer (>=1.0.1 <=2.2.0) potentially affected by CVE-2026-35038 via signalk-server (=1.46.3)

6.5CVSS5.8AI score0.00308EPSS

Exploits1

CNNVD•added 2026/04/03 12:0 a.m.•5 views

Investory Toy Planet Trouble App 安全漏洞

Investory Toy Planet Trouble App is an educational adventure game app developed by Investory. Versions of Investory Toy Planet Trouble App prior to 1.5.5 contained a security vulnerability, which was caused by the use of a hardcoded encryption key for the parameter currentkey...

4.8CVSS5.8AI score0.00141EPSS

Positive Technologies•added 2026/04/03 12:0 a.m.•3 views

PT-2026-30194