24 matches found
CVE-2026-45055
CubeCart is an ecommerce software solution. Prior to 6.7.2, CubeCart 6.6.x – 6.7.1 builds CCSTOREURL directly from the Host request header at bootstrap, with no allowlist. The constant is embedded verbatim into transactional email links, most critically the password-reset link in...
ps459
Multi-Firmware PS4 WebKit & Kernel Exploit Chain An exploit c...
CVE-2026-33887
Statamic CMS (Laravel/Git) contains a vulnerability in revision controllers: before versions 5.73.16 and 6.7.2, authenticated Control Panel users could view entry revisions for any collection with revisions enabled, bypassing collection permissions and exposing entry field values and blueprint da...
CVE-2026-33886
Statamic is a Laravel and Git powered content management system CMS. Starting in version 5.7.12 and prior to versions 5.73.16 and 6.7.2, a control panel user with access to Antlers-enabled fields could access sensitive application configuration values by inserting config variables into their...
pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams
Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. Patches This has been fixed in pypdf==6.7.2. Workarounds If users cannot upgrade yet, consider applying the changes from PR 3655...
CVE-2026-27628
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually...
CVE-2026-27628
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually...
CVE-2026-2630
CVE-2026-2630 is a command‑injection vulnerability affecting the Tenable Security Center. An authenticated, remote attacker could execute arbitrary code on the underlying server hosting Security Center. The CVSS metrics indicate network access, low attack complexity, and that privileges are requi...
ChurchCRM SQL Injection Vulnerability (CNVD-2026-12565)
ChurchCRM is ChurchCRM open source an open source CRM system for churches. A SQL injection vulnerability exists in ChurchCRM versions prior to 6.7.2, which stems from the lack of validation of external input SQL statements in the PerID parameter in the /PaddleNumEditor.php endpoint. An attacker c...
CVE-2026-24854
ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in endpoint /PaddleNumEditor.php in ChurchCRM prior to version 6.7.2. Any authenticated user, including one with zero assigned permissions, can exploit SQL injection through the PerID parameter. Version 6.7...
CVE-2026-24855
ChurchCRM is an open-source church management system. Versions prior to 6.7.2 have a Stored Cross-Site Scripting XSS vulnerability occurs in Create Events in Church Calendar. Users with low privileges can create XSS payloads in the Description field. This payload is stored in the database, and wh...
CVE-2026-24855
ChurchCRM is an open-source church management system. Versions prior to 6.7.2 have a Stored Cross-Site Scripting XSS vulnerability occurs in Create Events in Church Calendar. Users with low privileges can create XSS payloads in the Description field. This payload is stored in the database, and wh...
CVE-2026-24854 Church CRM has SQL injection in PaddleNumEditor.php
ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in endpoint /PaddleNumEditor.php in ChurchCRM prior to version 6.7.2. Any authenticated user, including one with zero assigned permissions, can exploit SQL injection through the PerID parameter. Version 6.7...
PT-2026-5407
Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 6.7.2 Description ChurchCRM is an open-source church management system. A SQL Injection issue exists in the /PaddleNumEditor.php endpoint. Any authenticated user, even with limited permissions, can exploit SQL...
RosarioSIS 6.7.2 - Cross-Site Scripting (XSS)
Exploit Title: RosarioSIS 6.7.2 - Cross-Site Scripting XSS Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://gitlab.com/francoisjacquet/rosariosis Software Link: https://gitlab.com/francoisjacquet/rosariosis Version: 6.7.2 Tested on: Windows CVE : CVE-2020-15718 Proof Of Concep...
PowSyBl Core 安全漏洞
PowSyBl Core is a PowSyBl open source software building framework for power systems. A security vulnerability exists in PowSyBl Core versions prior to 6.7.2 that stems from XML parsing vulnerability to XML external entity attacks and server-side request forgery attacks...
CVE-2023-1634
A vulnerability was found in OTCMS 6.72. It has been classified as critical. Affected is the function UseCurl of the file /admin/infodeal.php of the component URL Parameter Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit ha...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel versions 6.7.2 and earlier, which stems from the presence of an untrusted hypervisor that can inject a virtual...
PT-2024-25555 · WordPress · Wp Media Cleaner
Name of the Vulnerable Software and Affected Versions: WP Media Cleaner versions through 6.7.2 Description: The issue is related to the insertion of sensitive information into log files. This could potentially expose sensitive data. There is no information provided about the estimated number of...
OTCMS 代码问题漏洞
OTCMS Nettie CMS is a content management system CMS for article-based websites. A security vulnerability exists in OTCMS version 6.72. An attacker could exploit this vulnerability to perform server-side request forgery attacks...