Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/04/09 7:23 p.m.4 views

CVE-2026-39342

ChurchCRM is an open-source church management system. Prior to 7.1.0, the searchwhat parameter via QueryView.php with the QueryID=15 is vulnerable to a SQL injection. The authenticated user requires access to Data/Reports Query Menu and access to the "Advanced Search" query. This vulnerability is...

9.4CVSS5.9AI score0.00309EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/07 6:2 p.m.1 views

CVE-2026-39342

ChurchCRM is an open-source church management system. Prior to 7.1.0, the searchwhat parameter via QueryView.php with the QueryID=15 is vulnerable to a SQL injection. The authenticated user requires access to Data/Reports Query Menu and access to the "Advanced Search" query. This vulnerability is...

9.4CVSS5.9AI score0.00309EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/04/07 6:2 p.m.9 views

CVE-2026-39342

ChurchCRM prior to 7.1.0 is vulnerable to SQL injection via the searchwhat parameter (QueryView.php?QueryID=15) when accessed by an authenticated user with Data/Reports > Query Menu and the Advanced Search query. Root cause: improper input handling enables SQL injection. Impact is high for con...

9.4CVSS5.9AI score0.00309EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.6 views

PT-2026-28386

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.6 Description Open WebUI is a self-hosted artificial intelligence platform designed for offline operation. A flaw exists where any authenticated user can access private memories and files belonging to other...

3.1CVSS5.9AI score0.00253EPSS
Exploits1References5
CVE
CVE
added 2026/03/10 6:56 p.m.14 views

CVE-2026-3582

CVE-2026-3582 affects GitHub Enterprise Server. An Incorrect Authorization vulnerability allowed an authenticated user with a classic PAT lacking the repo scope to retrieve issues and commits from private/internal repositories via the search REST API, provided the user already had access to the r...

5.3CVSS5.8AI score0.00248EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2021-7326

Malicious code in bioql PyPI...

2.4CVSS4.4AI score0.00324EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:22 a.m.8 views

CVE-2022-21677

Discourse is an open source discussion platform. Discourse groups can be configured with varying visibility levels for the group as well as the group members. By default, a newly created group has its visibility set to public and the group's members visibility set to public as well. However, a...

5.3CVSS6.6AI score0.01174EPSS
Exploits0References1
NVD
NVD
added 2025/05/06 8:15 a.m.25 views

CVE-2025-46590

Bypass vulnerability in the network search instruction authentication module Impact: Successful exploitation of this vulnerability can bypass authentication and enable access to some network search functions...

6.5CVSS0.00174EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/02/16 12:0 a.m.9 views

PT-2025-6880 · Eastnets · Eastnets Paymentsafe

Name of the Vulnerable Software and Affected Versions: Eastnets PaymentSafe version 2.5.26.0 Description: A vulnerability was found in the BIC Search component of Eastnets PaymentSafe, which has been classified as problematic. The manipulation leads to cross-site scripting and can be initiated...

5.1CVSS3.7AI score0.00489EPSS
Exploits3References13
OSV
OSV
added 2020/03/10 6:15 p.m.3 views

UBUNTU-CVE-2019-13457

An issue was discovered in Open Ticket Request System OTRS 7.0.x through 7.0.8. A customer user can use the search results to disclose information from their "company" tickets with the same CustomerID, even when the CustomerDisableCompanyTicketAccess setting is turned on...

4.3CVSS6AI score0.00907EPSS
Exploits0References4
Rows per page
Query Builder