3092 matches found
GHSA-693F-PF34-72C5
creationtimestamp| type| source ---|---|--- 2026-04-07 19:34:12+00:00| seen| Telegram/RceOsMbVCcV6wQMI9eJfY-7gRIWU138I3ZVebAFZlOd7ZE...
CVE-2026-35574
ChurchCRM is an open-source church management system. Prior to 6.5.3, a stored Cross-Site Scripting XSS vulnerability in ChurchCRM's Note Editor allows authenticated users with note-adding permissions to execute arbitrary JavaScript code in the context of other users' browsers, including...
CVE-2026-35574 ChurchCRM has a Stored XSS in Person Profile - Add a Note
ChurchCRM is an open-source church management system. Prior to 6.5.3, a stored Cross-Site Scripting XSS vulnerability in ChurchCRM's Note Editor allows authenticated users with note-adding permissions to execute arbitrary JavaScript code in the context of other users' browsers, including...
EUVD-2026-19772
ChurchCRM is an open-source church management system. Prior to 6.5.3, a stored Cross-Site Scripting XSS vulnerability in ChurchCRM's Note Editor allows authenticated users with note-adding permissions to execute arbitrary JavaScript code in the context of other users' browsers, including...
CVE-2026-35574 ChurchCRM has a Stored XSS in Person Profile - Add a Note
ChurchCRM is an open-source church management system. Prior to 6.5.3, a stored Cross-Site Scripting XSS vulnerability in ChurchCRM's Note Editor allows authenticated users with note-adding permissions to execute arbitrary JavaScript code in the context of other users' browsers, including...
CVE-2026-35574
ChurchCRM is an open-source church management system. Prior to 6.5.3, a stored Cross-Site Scripting XSS vulnerability in ChurchCRM's Note Editor allows authenticated users with note-adding permissions to execute arbitrary JavaScript code in the context of other users' browsers, including...
CVE-2026-35574
ChurchCRM (open-source church management software) contains a Stored XSS vulnerability in the Note Editor prior to version 6.5.3. Authenticated users with note-adding permissions can inject JavaScript that runs in other users’ browsers (including admins), leading to potential session hijacking, p...
CVE-2026-35585
CVE-2026-35585 affects File Browser versions 2.0.0–2.63.1. The hook system that runs administrator-defined shell commands on file events (upload/rename/delete) is vulnerable to OS command injection because values like $FILE and $USERNAME are substituted via os.Expand without sanitization. An atta...
DEBIAN-CVE-2026-33227
Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated...
PT-2026-30920
ChurchCRM is an open-source church management system. Prior to 6.5.3, a stored Cross-Site Scripting XSS vulnerability in ChurchCRM's Note Editor allows authenticated users with note-adding permissions to execute arbitrary JavaScript code in the context of other users' browsers, including...
Mozilla Thunderbird < 140.9.1
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.9.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-29 advisory. - Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and...
ChurchCRM 安全漏洞
ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 6.5.3 contained security vulnerabilities. These vulnerabilities stemmed from a storage-oriented cross-site scripting vulnerability in the note editor. This could allow authenticated users with note-addin...
KADOS SQL注入漏洞
KADOS is a note-taking tool developed by fouvolant’s individual developer. KADOS has a SQL injection vulnerability; this vulnerability allows unverified attackers to manipulate database queries...
KADOS SQL注入漏洞
KADOS is a note-taking tool developed by fouvolant’s individual developer. KADOS has a SQL injection vulnerability; this flaw allows attackers to manipulate database queries...
KADOS SQL注入漏洞
KADOS is a note-taking tool developed by fouvolant’s individual developer. KADOS has a SQL injection vulnerability; this flaw allows attackers to manipulate database queries...
KADOS SQL注入漏洞
KADOS is a note-taking tool developed by fouvolant’s individual developer. KADOS has a SQL injection vulnerability; this vulnerability allows unverified attackers to manipulate database queries...
KADOS SQL注入漏洞
KADOS is a note-taking tool developed by fouvolant’s individual developer. KADOS has a SQL injection vulnerability; this flaw allows attackers to manipulate database queries...
KADOS SQL注入漏洞
KADOS is a note-taking tool developed by fouvolant’s individual developer. KADOS has a SQL injection vulnerability; this flaw allows attackers to manipulate database queries...
KADOS SQL注入漏洞
KADOS is a note-taking tool developed by fouvolant’s individual developer. KADOS has a SQL injection vulnerability; this flaw allows attackers to manipulate database queries...
KADOS SQL注入漏洞
KADOS is a note-taking tool developed by fouvolant’s individual developer. KADOS has a SQL injection vulnerability, which stems from the injection of SQL code through the idproject parameter. This vulnerability may lead to SQL injection attacks...