CVE-2026-39341
ChurchCRM (open-source church management) is affected by CVE-2026-39341 due to a time-based SQL injection in the Reports/ConfirmReportEmail.php?familyId= endpoint before version 7.1.0. The vulnerability stems from improper input validation and sanitisation where the sanitised input is not used in...