Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.9 views

CVE-2026-44548

ChurchCRM is an open-source church management system. Prior to 7.3.2, top-level cross-site GET navigation from an attacker-controlled page to FundRaiserDelete.php, PropertyTypeDelete.php, or NoteDelete.php causes a logged-in ChurchCRM user with the relevant role to silently delete records,...

8.1CVSS5.3AI score0.0012EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 11:16 p.m.19 views

CVE-2026-44548

ChurchCRM is an open-source church management system. Prior to 7.3.2, top-level cross-site GET navigation from an attacker-controlled page to FundRaiserDelete.php, PropertyTypeDelete.php, or NoteDelete.php causes a logged-in ChurchCRM user with the relevant role to silently delete records,...

8.1CVSS0.0012EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.11 views

PT-2026-40464

Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 7.3.2 Description Top-level cross-site GET navigation from an attacker-controlled page to the endpoints "FundRaiserDelete.php", "PropertyTypeDelete.php", or "NoteDelete.php" allows a logged-in user with the...

8.1CVSS5.7AI score0.0012EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.4 views

PT-2026-34499

A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility correctly refuses to delete . or .., it fails to recognize equivalent paths with trailing slashes, such as ./ or .///. An accidental or...

5.6CVSS6AI score0.00165EPSS
Exploits1References2
NVD
NVD
added 2021/07/02 1:15 p.m.25 views

CVE-2021-36129

An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus allowing users with the translate-manage right to silently delete various groups' metadata...

4.3CVSS0.006EPSS
Exploits1References2
OSV
OSV
added 2021/07/02 1:15 p.m.22 views

CVE-2021-36129

An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus allowing users with the translate-manage right to silently delete various groups' metadata...

4.3CVSS6.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/06/12 12:0 a.m.4 views

PT-2021-21126 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36 Description: An issue was discovered in the Translate extension where the Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set. This allows users with t...

9.8CVSS6AI score0.03832EPSS
Exploits18References74
Rows per page
Query Builder