CVE-2026-6571

A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is the function roleGroupAction of the file /app/controller/systemRole.class.php. Executing a manipulation of the argument grouprole can lead to authorization bypass. The attack may be launched...

CVE-2026-6571

A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is the function roleGroupAction of the file /app/controller/systemRole.class.php. Executing a manipulation of the argument grouprole can lead to authorization bypass. The attack may be launched...

kodcloud KodExplorer 安全漏洞

KodCloud KodExplorer is a web file manager provided by the Chinese company KodCloud. Versions of KodCloud KodExplorer 4.52 and earlier contained security vulnerabilities. These vulnerabilities stemmed from improper handling of the grouprole parameter in files/app/controllers/systemRole.class.php,...

📄 ChurchCRM 6.4.0 Cross Site Scripting

ChurchCRM versions 6.4.0 and below suffer from persistent cross site scripting vulnerability in group role name assignment. CVE-2025-67876: ChurchCRM has Stored XSS in Group Role Name Leading to Admin Session Hijacking Overview | Field | Details | |---|---| | CVE ID | CVE-2025-67876 | | Severity ...

CVE-2025-68399

ChurchCRM security advisory documents describe a Stored Cross-Site Scripting (XSS) in the GroupEditor.php page occurring in versions prior to 6.5.4 . The vulnerability allows an attacker to inject JavaScript when creating a group role, but requires the attacker to have permission to view and modi...

CVE-2025-67876 ChurchCRM has Stored XSS in Group Role Name Leading to Admin Session Hijacking

ChurchCRM is an open-source church management system. A stored cross-site scripting XSS vulnerability exists in ChurchCRM versions 6.4.0 and prior that allows a low-privilege user with the “Manage Groups” permission to inject persistent JavaScript into group role names. The payload is saved in th...

CVE-2025-67876 ChurchCRM has Stored XSS in Group Role Name Leading to Admin Session Hijacking

ChurchCRM is an open-source church management system. A stored cross-site scripting XSS vulnerability exists in ChurchCRM versions 6.4.0 and prior that allows a low-privilege user with the “Manage Groups” permission to inject persistent JavaScript into group role names. The payload is saved in th...

ChurchCRM 跨站脚本漏洞

ChurchCRM is an open source church management system. ChurchCRM suffers from a cross-site scripting vulnerability that originates from a low-privileged user being able to inject persistent JavaScript into group role names, which can be exploited by an attacker to cause an account takeover...

CVE-2024-38818

VMware NSX contains a local privilege escalation vulnerability. An authenticated malicious actor may exploit this vulnerability to obtain permissions from a separate group role than previously assigned...

CVE-2024-38818

VMware NSX contains a local privilege escalation vulnerability. An authenticated malicious actor may exploit this vulnerability to obtain permissions from a separate group role than previously assigned...

CVE-2024-38818

VMware NSX contains a local privilege escalation vulnerability. An authenticated malicious actor may exploit this vulnerability to obtain permissions from a separate group role than previously assigned...

VMware NSX 安全漏洞

VMware NSX is a complete L2-L7 network and security virtualization platform from VMware. VMware NSX is a complete L2-L7 network and security virtualization platform from VMware. It provides virtual machines with a virtualized network, isolates virtual machines from the physical network, and makes...

PT-2023-23120 · Enterprisedb · Edb Postgres Advanced Server

Name of the Vulnerable Software and Affected Versions: EnterpriseDB EDB Postgres Advanced Server EPAS versions prior to 10.23.33 EnterpriseDB EDB Postgres Advanced Server EPAS versions prior to 11.18.29 EnterpriseDB EDB Postgres Advanced Server EPAS versions prior to 12.13.17 EnterpriseDB EDB...