100 matches found
CVE-2026-58411
ChurchCRM (open-source church management system) Vulnerability: Prior to version 7.4.0, a Reflected XSS was identified due to insufficient output encoding of user-controlled request parameter names and values. The application reflects attacker-controlled input into JavaScript string contexts and ...
CVE-2026-58411 ChurchCRM has Reflected Cross-Site Scripting (XSS) via unsanitized request parameter names and values
ChurchCRM is an open-source church management system. Prior to version 7.4.0, Cross-Site Scripting XSS vulnerabilities were identified due to insufficient output encoding of user-controlled request parameter names and parameter values. The application reflects attacker-controlled input into...
Timing Attack
Overview pay is a package for processing payments in Ruby on Rails apps Affected versions of this package are vulnerable to Timing Attack via the validsignature? function. An attacker can recover valid webhook signatures by sending multiple requests with crafted Paddle-Signature header values and...
PYSEC-2026-442 PaddlePaddle Path Traversal vulnerability
Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6...
Malicious code in paddle-internal-scripts (npm)
Malicious package due to sensitive data exfiltration via obfuscated preinstall script. Few published versions increase suspicion. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eae655788b800d689464263a26d904ccb45fe4aa65b61422a51325008aff3003 The package...
MAL-2026-2829 Malicious code in paddle-internal-scripts (npm)
Malicious package due to sensitive data exfiltration via obfuscated preinstall script. Few published versions increase suspicion. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eae655788b800d689464263a26d904ccb45fe4aa65b61422a51325008aff3003 The package...
EUVD-2026-5023
ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in endpoint /PaddleNumEditor.php in ChurchCRM prior to version 6.7.2. Any authenticated user, including one with zero assigned permissions, can exploit SQL injection through the PerID parameter. Version 6.7...
CVE-2026-24854 Church CRM has SQL injection in PaddleNumEditor.php
ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in endpoint /PaddleNumEditor.php in ChurchCRM prior to version 6.7.2. Any authenticated user, including one with zero assigned permissions, can exploit SQL injection through the PerID parameter. Version 6.7...
PT-2026-5407
Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 6.7.2 Description ChurchCRM is an open-source church management system. A SQL Injection issue exists in the /PaddleNumEditor.php endpoint. Any authenticated user, even with limited permissions, can exploit SQL...
Malicious code in paddle-subscription (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-9751 Malicious code in paddle-subscription (npm)
--- -= Per source details. Do not edit below this line.=-...
paddle-ner (=0.1.0), paddle-quantum (>=1.1.1 <=2.2.1) +3 more potentially affected by CVE-2024-1603 via paddlepaddle (=1.8.5)
paddlepaddle PYPI version =1.8.5 is affected by a known vulnerability. The following packages have a transitive dependency on paddlepaddle and may be impacted: - paddle-ner =0.1.0 - paddle-quantum =1.1.1, =1.8.5.0, =1.8.5.1 - paddle-tokenizer =0.1.0 - pyunit-ner =2021.8.2 Source cves: CVE-2024-16...
CVE-2024-1603 confirmed
paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.readfile...
paddle-ner (=0.1.0), paddle-quantum (>=1.1.1 <=2.2.1) +3 more potentially affected by CVE-2024-0818 via paddlepaddle (=1.8.5)
paddlepaddle PYPI version =1.8.5 is affected by a known vulnerability. The following packages have a transitive dependency on paddlepaddle and may be impacted: - paddle-ner =0.1.0 - paddle-quantum =1.1.1, =1.8.5.0, =1.8.5.1 - paddle-tokenizer =0.1.0 - pyunit-ner =2021.8.2 Source cves: CVE-2024-08...
Path traversal
Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6...
CVE-2024-0818
CVE-2024-0818 affects PaddlePaddle (
CVE-2024-0818
Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6...
paddle-ner (=0.1.0), paddle-quantum (>=1.1.1 <=2.2.1) +3 more potentially affected by CVE-2024-0917 via paddlepaddle (=1.8.5)
paddlepaddle PYPI version =1.8.5 is affected by a known vulnerability. The following packages have a transitive dependency on paddlepaddle and may be impacted: - paddle-ner =0.1.0 - paddle-quantum =1.1.1, =1.8.5.0, =1.8.5.1 - paddle-tokenizer =0.1.0 - pyunit-ner =2021.8.2 Source cves: CVE-2024-09...
CVE-2024-0917
remote code execution in paddlepaddle/paddle 2.6.0...
CVE-2024-0917
PaddlePaddle vulnerability CVE-2024-0917 affects paddlepaddle/paddle 2.6.0. Root cause: code injection due to improper filtering of special elements in constructed code segments, enabling remote code execution. Impact is described as remote code execution with high confidentiality/integrity/avail...