Lucene search
K

11 matches found

Cvelist
Cvelist
added 2026/07/03 3:16 p.m.44 views

CVE-2026-14613 Keycloak-services: keycloak-services: keycloak: fgap v2 role groups endpoint discloses hidden group metadata without group view permission

A vulnerability was discovered in Keycloak's administrative interface that allows certain administrators to see information about groups they shouldn't have access to. When the new Fine-Grained Admin Permissions FGAP v2 are turned on, an administrator who is allowed to see a specific "role" can...

4.3CVSS0.00172EPSS
Exploits0References2
CVE
CVE
added 2026/07/03 3:16 p.m.22 views

CVE-2026-14613

Technical details are not publicly available in the provided documents. Monitor for updates from Red Hat/NVD for affected Keycloak FGAP v2 integration and any patched versions.

4.3CVSS6AI score0.00172EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/20 7:41 p.m.8 views

CVE-2026-26059

ChurchCRM is an open-source church management system. In versions prior to 6.8.2, it was possible for an authenticated user with permission to edit groups to store a JavaScript payload that would execute when the group was viewed in the Group View. Version 6.8.2 fixes this issue...

5.4CVSS5.6AI score0.00189EPSS
Exploits1References1
NVD
NVD
added 2026/02/19 7:22 p.m.8 views

CVE-2026-26059

ChurchCRM is an open-source church management system. In versions prior to 6.8.2, it was possible for an authenticated user with permission to edit groups to store a JavaScript payload that would execute when the group was viewed in the Group View. Version 6.8.2 fixes this issue...

5.4CVSS0.00189EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/02/19 6:45 p.m.6 views

CVE-2026-26059 ChurchCRM has Stored Cross-Site Scripting (XSS) in GroupEditor.php

ChurchCRM is an open-source church management system. In versions prior to 6.8.2, it was possible for an authenticated user with permission to edit groups to store a JavaScript payload that would execute when the group was viewed in the Group View. Version 6.8.2 fixes this issue...

5.3CVSS5.5AI score0.00189EPSS
Exploits1References1
CVE
CVE
added 2026/02/19 6:45 p.m.13 views

CVE-2026-26059

CVE-2026-26059 affects ChurchCRM prior to 6.8.2 and is a stored XSS in GroupEditor.php: an authenticated user with group-edit permissions could store a JavaScript payload that executes when the group is viewed. The issue is fixed in version 6.8.2. If upgrading is possible, apply 6.8.2 or newer to...

5.4CVSS5.5AI score0.00189EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/02/19 6:45 p.m.25 views

CVE-2026-26059 ChurchCRM has Stored Cross-Site Scripting (XSS) in GroupEditor.php

ChurchCRM is an open-source church management system. In versions prior to 6.8.2, it was possible for an authenticated user with permission to edit groups to store a JavaScript payload that would execute when the group was viewed in the Group View. Version 6.8.2 fixes this issue...

5.3CVSS0.00189EPSS
Exploits1References1
OSV
OSV
added 2026/02/19 6:45 p.m.10 views

CVE-2026-26059 ChurchCRM has Stored Cross-Site Scripting (XSS) in GroupEditor.php

ChurchCRM is an open-source church management system. In versions prior to 6.8.2, it was possible for an authenticated user with permission to edit groups to store a JavaScript payload that would execute when the group was viewed in the Group View. Version 6.8.2 fixes this issue...

5.3CVSS5.5AI score0.00189EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.6 views

PT-2026-20912

Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 6.8.2 Description ChurchCRM is an open-source church management system. An authenticated user with permission to edit groups could store a JavaScript payload that would execute when the group was viewed in the Group...

5.4CVSS5.3AI score0.00189EPSS
Exploits1References5
NVD
NVD
added 2025/12/17 10:16 p.m.9 views

CVE-2025-68399

ChurchCRM is an open-source church management system. In versions prior to 6.5.4, there is a Stored Cross-Site Scripting XSS vulnerability within the GroupEditor.php page of the application. When a user attempts to create a group role, they can execute malicious JavaScript. However, for this to...

5.4CVSS0.00162EPSS
Exploits1References1
Microsoft KB
Microsoft KB
added 1970/01/01 12:0 a.m.30 views

Update Rollup 5 for System Center 2019 Operations Manager

None None...

5.8AI score
Exploits0
Rows per page
Query Builder