Lucene search
+L

9 matches found

redhatcve
redhatcve
added 2026/06/05 7:12 p.m.10 views

CVE-2026-39327

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /MemberRoleChange.php in ChurchCRM 7.0.5. Authenticated users with the role Manage Groups & Roles ManageGroups can inject arbitrary SQL statements through the NewRole...

8.8CVSS5.7AI score0.00244EPSS
Exploits0References1
cvelist
cvelist
added 2026/04/07 5:31 p.m.19 views

CVE-2026-39327 ChurchCRM has a SQL injection in MemberRoleChange.php

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /MemberRoleChange.php in ChurchCRM 7.0.5. Authenticated users with the role Manage Groups & Roles ManageGroups can inject arbitrary SQL statements through the NewRole...

8.8CVSS0.00244EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/04/07 3:49 p.m.2 views

CVE-2026-35567

...

5.9AI score0.00047EPSS
Exploits0
talosblog
talosblog
added 2026/03/11 10:0 a.m.9 views

Spinning complex ideas into clear docs with Kri Dontje

Welcome back! This week, we're shining a spotlight on Kri Dontje, a technical writer who's become an essential voice in making Cisco Talos' work understandable for a wide audience. With a background in technical communications and a career that began at a small startup, Kri discusses the importan...

5.8AI score
Exploits0
osv
osv
added 2024/03/06 11:8 a.m.21 views

BIT-WILDFLY-2021-3536

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity...

4.8CVSS5.2AI score0.00528EPSS
Exploits0References2
github
github
added 2022/05/13 1:12 a.m.24 views

Statamic framework Incorrect Permission Assignment

Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class are called. Problematic methods include reset password, create new account, create new role, etc...

8.8CVSS6.8AI score0.00867EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2021/05/20 1:15 p.m.35 views

CVE-2021-3536

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity...

4.8CVSS0.00528EPSS
Exploits0References1
cvelist
cvelist
added 2017/07/24 12:0 p.m.27 views

CVE-2017-11422

Statamic framework before 2.6.0 does not correctly check a session's permissions when the methods from a user's class are called. Problematic methods include reset password, create new account, create new role, etc...

8.8AI score0.00867EPSS
Exploits0References1
prion
prion
added 2017/06/07 1:29 p.m.17 views

Design/Logic Flaw

An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, while creating a new role, a list of database tables and their columns is available...

5CVSS7.4AI score0.03331EPSS
Exploits3References1Affected Software1
Rows per page
Query Builder