Lucene search
K

668 matches found

CNNVD
CNNVD
added 2026/04/07 12:0 a.m.8 views

ChurchCRM 安全漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 6.5.3 contained security vulnerabilities. These vulnerabilities stemmed from the use of a specially crafted URL in the Referer request header, which could trigger server-side HTTP/HTTPS requests to...

7CVSS5.9AI score0.00296EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.7 views

ChurchCRM 代码问题漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 6.5.3 had code vulnerabilities. These vulnerabilities stemmed from path traversal vulnerabilities in the backup restoration function, which could allow authenticated administrators to upload arbitrary...

9.1CVSS6.3AI score0.00765EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.10 views

PT-2026-30920

ChurchCRM is an open-source church management system. Prior to 6.5.3, a stored Cross-Site Scripting XSS vulnerability in ChurchCRM's Note Editor allows authenticated users with note-adding permissions to execute arbitrary JavaScript code in the context of other users' browsers, including...

7.3CVSS6.2AI score0.00308EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.5 views

PT-2026-30810

Name of the Vulnerable Software and Affected Versions OceanWP Ocean Extra versions through 2.5.3 Description An authorization issue exists in OceanWP Ocean Extra. This allows exploitation due to incorrectly configured access control security levels. Recommendations Update OceanWP Ocean Extra to a...

5.4CVSS5.8AI score0.00293EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.15 views

PT-2026-30939

ChurchCRM is an open-source church management system. Prior to 6.5.3, it is possible to trigger server-side HTTP/HTTPS requests to arbitrary hosts SSRF by supplying a crafted URL in the Referer request header. The server subsequently makes an outbound request to the attacker-controlled domain,...

7CVSS6AI score0.00296EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/04/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-33533

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, the Glances XML- RPC server activated with glances -s or glances --serv...

7.1CVSS5.4AI score0.00409EPSS
Exploits1References3
OSV
OSV
added 2026/04/02 3:16 p.m.6 views

DEBIAN-CVE-2026-33533

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, the Glances XML-RPC server activated with glances -s or glances --server sends Access-Control-Allow-Origin: on every HTTP response. Because the XML-RPC handler does not validate the Content-Type header, an...

6.5CVSS5.4AI score0.00409EPSS
Exploits1References1
OSV
OSV
added 2026/04/02 3:16 p.m.5 views

UBUNTU-CVE-2026-33641

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...

7.8CVSS6AI score0.00866EPSS
Exploits3References2
ATTACKERKB
ATTACKERKB
added 2026/03/31 10:0 p.m.5 views

CVE-2026-34537

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior UB in CIccOpDefEnvVar::Exec due to invalid enum values being loaded for icSigCmmEnvVar. The issue is observable under UBSan a...

6.2CVSS5.8AI score0.00156EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/31 11:44 a.m.3 views

ROOT-OS-DEBIAN-12-CVE-2025-5372 CVE-2025-5372 in rootio-libssh - Patched by Root

Root has patched CVE-2025-5372 in the rootio-libssh package for Root:Debian:12. Multiple fixed versions available...

8.8CVSS6.7AI score0.00407EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/31 12:0 a.m.6 views

RHEL 9 : python3.11 (RHSA-2026:6253)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:6253 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

6CVSS7.1AI score0.0056EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/03/28 11:9 p.m.4 views

CVE-2026-33954

LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a different authenticated user via the web interface. The API appears to correctly enforce note visibility, but the web link detail page renders...

6.5CVSS5.9AI score0.00318EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/28 11:9 p.m.6 views

CVE-2026-33953

LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP literals, but still performs server-side requests to internal-only resources when those resources are referenced through an internal hostname. This allows an authenticated user t...

8.5CVSS5.9AI score0.00274EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/27 9:23 p.m.4 views

EUVD-2026-16870

LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-private link can be disclosed to a different authenticated user via the web interface. The API appears to correctly enforce note visibility, but the web link detail page renders...

6.5CVSS5.8AI score0.00318EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/26 6:53 p.m.5 views

CVE-2026-33149 Tandoor Recipes Vulnerable to Host Header Injection

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Versions up to and including 2.5.3 set ALLOWEDHOSTS = '' by default, which causes Django to accept any value in the HTTP Host header without validation. The application uses request.buildabsoluteu...

8.1CVSS5.9AI score0.00304EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.8 views

CVE-2026-3841

A command injection vulnerability has been identified in the Telnet command-line interface CLI of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations. An authenticated attacker with elevated privileges may be able to execute...

8.5CVSS6AI score0.01774EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:14 p.m.30 views

CVE-2026-25350

CVE-2026-25350 is a Reflected XSS vulnerability in the Miti WordPress theme (Miti miti) affecting versions

7.1CVSS5.8AI score0.0018EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/24 2:10 p.m.12 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to handshake corruption due to the crypto/tls package (CVE-2025-68121)

Summary Crypto/tls is used as part of secure encryption by DataStage on Cloud Pak for Data. Vulnerability Details CVEID:CVE-2025-68121 DESCRIPTION: During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the...

10CVSS5.9AI score0.00765EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/23 7:49 p.m.5 views

Security Bulletin: Vulnerabilities in Quarkus affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Quarkus has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-66560 DESCRIPTION: Quarkus ...

7.5CVSS5.7AI score0.00349EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/23 7:43 p.m.5 views

Security Bulletin: Vulnerabilities in Netty affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Netty has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is a...

6.5CVSS6.5AI score0.00292EPSS
Exploits1Affected Software1
Rows per page
Query Builder