Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability exists in PropertyTypeEditor.php, part of the administration functionality for managing property ty…
ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical authentication bypass vulnerability in ChurchCRM's API middleware (ChurchCRM/Slim/Middleware/AuthMiddleware.php) allo…
ChurchCRM is an open-source church management system. Prior to 7.1.0, a Blind Reflected Cross-Site Scripting vulnerability exists in the search parameter accepted by the ChurchCRM dashboard. The appl…
ChurchCRM is an open-source church management system. Prior to 7.1.0, critical pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to i…
ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting issue affects the Directory Reports form fields set from config, Person editor defaults rendered in…
ChurchCRM is an open-source church management system. Prior to 7.1.1, there is Stored XSS in group remove control and family editor state/country. This is primarily an admin-to-admin stored XSS path …
ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsIndividual.php in ChurchCRM 7.0.5. Authenticated users without …
ChurchCRM is an open-source church management system. Prior to 7.1.0, he FindFundRaiser.php endpoint reflects user-supplied input (DateStart and DateEnd) into HTML input field attributes without prop…
ChurchCRM is an open-source church management system. Prior to 7.1.0, a reflected Cross-Site Scripting (XSS) vulnerability in GeoPage.php allows any authenticated user to inject arbitrary JavaScript …
ChurchCRM is an open-source church management system. Prior to 7.1.0, an authenticated API user can modify any family record's state without proper authorization by simply changing the {familyId} par…
ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /PropertyAssign.php in ChurchCRM. Authenticated users with the role Mana…
ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was identified in /EventNames.php in ChurchCRM. Authenticated users with AddEvent privileges can i…
ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in ChurchCRM's person profile editing functionality. Non-administrative users …
ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /MemberRoleChange.php in ChurchCRM 7.0.5. Authenticated users with the r…
ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /PropertyTypeEditor.php in ChurchCRM. Authenticated users with the role …
ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsUser.php in ChurchCRM 7.0.5. Authenticated administrative users…
Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decry…
ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical SQL injection vulnerability exists in ChurchCRM's PropertyTypeEditor.php where the Name and Description POST parameter…
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.8.0-alpha.6 and 8.6.74, he login endpoint response time differs measurably depending…
ChurchCRM is an open-source church management system. Prior to 7.1.0, a second order SQL injection vulnerability was found in the endpoint /FundRaiserEditor.php in ChurchCRM. A user has to be authent…