72618 matches found
ChurchCRM SQL Injection Vulnerability
ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 contained a SQL injection vulnerability. This vulnerability stemmed from improper input validation in the Reports/ConfirmReportEmail.php endpoint, which could lead to time-based SQL injections...
ROS-20260407-73-0037
A vulnerability in the s390/char/sclp.c component of the Linux operating system kernel is related to incorrect validation of a specified index, position or offset in input data. Exploitation of the vulnerability allows an attacker to cause a denial of service...
ROS-20260407-73-0007
A vulnerability in the sizelimitmb function of the Linux kernel is related to buffer copying without input validation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
EUVD-2025-209251
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 850, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 1680, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400, and Modem 5410. The absence of proper input validation leads to a...
CVE-2025-57834
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 850, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 1680, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400, and Modem 5410. The absence of proper input validation leads to a...
CVE-2026-5681
CVE-2026-5681 affects the itsourcecode component’s Parameter Handler, specifically the /borrowedequip.php file where the emp_id input is not properly sanitized/validated, enabling a remote SQL injection. Exploits have been published and may be used. CVSS data indicates MEDIUM severity (CVSS 4.0 b...
CVE-2026-35022
This CVE ID has been rejected by its CVE Numbering Authority (CNA). It was determined that the -p flag behavior is documented in Anthropic's claude -h output with an explicit warning that non-interactive mode should only be used in trusted directories, making this intended and described behavior...
CVE-2025-48651
In importWrappedKey of KMKeymasterApplet.java, there is a possible way to access keys that should be restricted due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-19359
Plunk is an open-source email platform built on top of AWS SES. Prior to 0.8.0, a CRLF header injection vulnerability was discovered in SESService.ts, where user-supplied values for from.name, subject, custom header keys/values, and attachment filenames were interpolated directly into raw MIME...
CVE-2026-34975
The CVE describes a CRLF header injection vulnerability in Plunk’s SESService.ts prior to version 0.8.0. An authenticated API user could inject arbitrary email headers (e.g., Bcc, Reply-To) by embedding CRLF characters in from.name, subject, custom header keys/values, or attachment filenames, bec...
CVE-2026-33406 Pi-hole has a Stored HTML attribute injection
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, configuration values from the /api/config endpoint are placed directly into HTML value="" attributes without escaping in settings-advanced.js,...
Directus Input Validation Error Vulnerability
Directus is an open-source real-time API and application dashboard developed by Directus. It is used to manage SQL database content. Prior to Directus 11.16.1, there was a vulnerability related to input validation errors. This vulnerability stemmed from the lack of validation for the redirect que...
WeGIA Input Validation Error Vulnerability
WeGIA is a network manager for a welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.9 contained a vulnerability related to input validation errors. This vulnerability stemmed from the lack of validation or restrictions on the nextPage parameter, which could lead to...
Open edX Platform Input Validation Error Vulnerability
The Open edX Platform is an open-source course management system developed by Open edX. This system can be used for MOOCs (Massive Open Online Courses) as well as smaller courses and training modules. The Open edX Platform has a vulnerability related to input validation, where the redirecturl...
CVE-2025-57834
CVE-2025-57834 affects Samsung Mobile Processor, Wearable Processor, and Modem lines (Exynos 980/850/990/1080/2100/1280/2200/1330/1380/1480/2400/1580/2500/1680/9110/W920/W930/W1000 and Modems 5123/5300/5400/5410). The issue is due to insufficient input validation, resulting in a Denial of Service...
WeGIA Input Validation Error Vulnerability
WeGIA is a network manager for the welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.9 contained a vulnerability related to input validation errors. This vulnerability stemmed from the lack of validation on the /WeGIA/controle/control.php endpoint, which did not...
GLPI Security Vulnerability
GLPI is an open-source IT and asset management software developed by GLPI. This software provides a comprehensive IT resource management interface, allowing you to create databases for managing various IT assets such as computers, monitors, servers, printers, network devices, telephones, and even...