5 matches found
CVE-2026-39318
CVE-2026-39318 affects ChurchCRM prior to 7.1.0, where the GroupPropsFormRowOps.php file renders user-provided Field input directly into SQL queries. The underlying issue is improper sanitization, and specifically that mysqli_real_escape_string() does not escape backtick characters, enabling an a...
EUVD-2018-0770
Malware in sbrugna...
AZL-68010 CVE-2025-39901 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: i40e: remove read access to debugfs files. The 'command' and 'netdevops' debugfs files are a legacy debugging interface supported by the i40e driver since its early days by commit 02e9c290814c "i40e: debugfs interface". Both of...
CVE-2025-8984
CVE-2025-8984 affects itsourcecode Online Tour and Travel Management System 1.0. The vulnerability is in an unknown function within /admin/operations/expense_category.php, where manipulating the expense_name argument leads to SQL injection. It can be exploited remotely, and public exploits have b...
CVE-2020-10460
admin/include/operations.php via admin/email-harvester.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject untrusted input inside CSV files via the POST parameter data...