CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

224 matches found

Schneier on Security•added 2026/05/26 3:2 p.m.•9 views

Identifying People Using Wi-Fi Routers

Not identifying people based on their use of Wi-Fi routers, but identifying people using Wi-Fi signals. This is accomplished through what is known as WiFi sensing, or the use of WiFi signals to infer information about a physical environment. When radio signals like WiFi travel through a space, th...

5.8AI score

Exploits0

EUVD•added 2026/04/21 9:31 p.m.•1 views

EUVD-2026-24333

Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft component: Person Search. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise H...

5.4CVSS5.7AI score0.00028EPSS

Exploits0References2

ATTACKERKB•added 2026/04/21 8:35 p.m.•4 views

CVE-2026-22019

5.4CVSS5.7AI score0.00028EPSS

Exploits0References2Affected Software1

CNNVD•added 2026/04/21 12:0 a.m.•5 views

Oracle PeopleSoft Enterprise HCM Shared Components 安全漏洞

Oracle PeopleSoft Enterprise HCM Shared Components is a set of common component modules for human resources systems developed by Oracle Corporation. Version 9.2 of Oracle PeopleSoft Enterprise HCM Shared Components contains a security vulnerability. This vulnerability stems from issues with the...

5.4CVSS7.2AI score0.00028EPSS

Exploits0References2

Positive Technologies•added 2026/04/21 12:0 a.m.•3 views

PT-2026-34087

5.4CVSS5.7AI score0.00028EPSS

Exploits0References4

RedhatCVE•added 2026/04/20 7:22 p.m.•2 views

CVE-2026-40480

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the GET /api/person/personId endpoint loads and returns person records without performing object-level authorization checks. Although the legacy PersonView.php page enforces canEditPerson restrictions, the API layer...

7.1CVSS5.7AI score0.00017EPSS

Exploits0References1

ATTACKERKB•added 2026/04/17 11:7 p.m.•0 views

CVE-2026-40480

7.1CVSS5.7AI score0.00017EPSS

Exploits0References5Affected Software1

EUVD•added 2026/04/17 11:7 p.m.•2 views

EUVD-2026-23589

7.1CVSS5.7AI score0.00017EPSS

Exploits0References4

CVE•added 2026/04/17 11:7 p.m.•1 views

CVE-2026-40480

ChurchCRM suffers a Missing Object-Level Authorization (IDOR) in GET /api/person/{personId} prior to version 7.2.0, where the API path omits canEditPerson checks and enables any authenticated user with EditSelf privileges to enumerate and read other members’ records containing PII (names, address...

7.1CVSS5.7AI score0.00017EPSS

Exploits0References4

Snyk•added 2026/04/14 4:15 p.m.•2 views

Authorization Bypass Through User-Controlled Key

Overview krayin/laravel-crm is a hand tailored CRM framework built on some of the hottest opensource technologies such as Laravel a PHP framework and Vue.js a progressive Javascript framework. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in...

8.6CVSS5.8AI score0.00038EPSS

Exploits2References2

GithubExploit•added 2026/04/11 7:14 p.m.•85 views

Exploit for Cross-site Scripting in Churchcrm

CVE-2025-67875: ChurchCRM has stored XSS via Person Property A...

8.5CVSS5.8AI score0.00025EPSS

Exploits3

RedhatCVE•added 2026/04/09 7:23 p.m.•1 views

CVE-2026-35576

ChurchCRM is an open-source church management system. Prior to 7.0.0, a stored cross-site scripting XSS vulnerability exists in ChurchCRM within the Person Property Management subsystem. This issue persists in versions patched for CVE-2023-38766 and allows an authenticated user to inject arbitrar...

8.7CVSS6.2AI score0.00038EPSS

Exploits0References1

RedhatCVE•added 2026/04/09 7:23 p.m.•1 views

CVE-2026-35534

ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in PersonView.php due to incorrect use of sanitizeText as an output sanitizer for HTML attribute context. The function only strips HTML tags, it does not escape quote character...

7.6CVSS6AI score0.00038EPSS

Exploits0References1

NVD•added 2026/04/07 6:16 p.m.•0 views

CVE-2026-35576

8.7CVSS0.00038EPSS

Exploits0References2

ATTACKERKB•added 2026/04/07 5:40 p.m.•2 views

CVE-2026-39336

ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting issue affects the Directory Reports form fields set from config, Person editor defaults rendered into address fields, and external self-registration form defaults. This is primarily an admin-to-adm...

6.1CVSS5.8AI score0.00035EPSS

Exploits0References2Affected Software1

EUVD•added 2026/04/07 5:11 p.m.•2 views

EUVD-2026-19774

8.7CVSS6.2AI score0.00282EPSS

Exploits0References2

ATTACKERKB•added 2026/04/07 5:11 p.m.•0 views

CVE-2026-35576

8.7CVSS6AI score0.00282EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/04/07 5:11 p.m.•13 views

CVE-2026-35576 ChurchCRM has Stored Cross-Site Scripting (XSS) in Person Properties via PrintView.php

8.7CVSS0.00038EPSS

Exploits0References2

CVE•added 2026/04/07 5:11 p.m.•3 views

CVE-2026-35576

ChurchCRM prior to version 7.0.0 has a stored XSS in the Person Property Management subsystem (PrintView.php) that an authenticated user can inject via dynamically assigned person properties. The payload is stored and executed when other users view the affected person profile or the printable vie...

8.7CVSS6AI score0.00038EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/04/07 5:11 p.m.•2 views

CVE-2026-35576 ChurchCRM has Stored Cross-Site Scripting (XSS) in Person Properties via PrintView.php

8.7CVSS6.2AI score0.00038EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by