Vulnerability List
Found 72 results
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-40593 | ChurchCRM: Stored XSS in UserEditor.php via Login Name Field | ChurchCRM | CRM | Medium | 4.8 | 2026-04-18 00:03:00 | Deep Dive |
| CVE-2026-40581 | ChurchCRM: Cross-Site Request Forgery (CSRF) in SelectDelete.php Leading to Permanent Data Deletion | ChurchCRM | CRM | High | 8.1 | 2026-04-17 23:51:33 | Deep Dive |
| CVE-2026-40485 | ChurchCRM: Username Enumeration via Differential Response in Public Login API | ChurchCRM | CRM | Medium | 5.3 | 2026-04-17 23:29:36 | Deep Dive |
| CVE-2026-40484 | ChurchCRM: Authenticated Remote Code Execution via Unrestricted PHP File Write in Database Restore Function | ChurchCRM | CRM | Critical | 9.1 | 2026-04-17 23:25:06 | Deep Dive |
| CVE-2026-40483 | ChurchCRM: Stored XSS in PledgeEditor.php via Donation Comment Field | ChurchCRM | CRM | Medium | 5.4 | 2026-04-17 23:20:45 | Deep Dive |
| CVE-2026-40582 | ChurchCRM: Authentication Bypass in `/api/public/user/login` Allows Bypass of 2FA and Account Lockout | ChurchCRM | CRM | - | - | 2026-04-17 23:16:14 | Deep Dive |
| CVE-2026-40480 | ChurchCRM has Missing Object-Level Authorization / IDOR in `/api/person/{personId}` | ChurchCRM | CRM | - | - | 2026-04-17 23:07:30 | Deep Dive |
| CVE-2026-40482 | ChurchCRM has Authenticated SQL Injection in `/api/families/byCheckNumber/{scanString}` | ChurchCRM | CRM | - | - | 2026-04-17 22:58:49 | Deep Dive |
| CVE-2026-39940 | ChurchCRM has an Open Redirect via the ‘linkBack’ URL Parameter in DonatedItemEditor.php | ChurchCRM | CRM | Medium | - | 2026-04-13 16:34:58 | Deep Dive |
| CVE-2026-39941 | ChurchCRM has an XSS vulnerability | ChurchCRM | CRM | - | - | 2026-04-09 15:38:07 | Deep Dive |
| CVE-2026-39337 | ChurchCRM Affected by Unauthenticated RCE in Install Wizard | ChurchCRM | CRM | Critical | 10.0 | 2026-04-07 18:08:27 | Deep Dive |
| CVE-2026-39319 | ChurchCRM has a Second Order SQLI via FundRaiserEditor.php | ChurchCRM | CRM | High | 8.8 | 2026-04-07 18:05:18 | Deep Dive |
| CVE-2026-39344 | Reflected XSS the login page through the 'username' parameter | ChurchCRM | CRM | - | - | 2026-04-07 18:04:24 | Deep Dive |
| CVE-2026-39343 | ChurchCRM has a SQL Injection in Event Type Editor (Admin) | ChurchCRM | CRM | High | 7.2 | 2026-04-07 18:03:25 | Deep Dive |
| CVE-2026-39342 | ChurchCRM has a SQL injection searchwhat parameter via QueryView.php | ChurchCRM | CRM | - | - | 2026-04-07 18:02:40 | Deep Dive |
| CVE-2026-39341 | SQL injection in ChurchCRM.0 | ChurchCRM | CRM | High | 8.1 | 2026-04-07 18:01:42 | Deep Dive |
| CVE-2026-39340 | ChurchCRM has a SQL Injection in PropertyTypeEditor.php via Incorrect Sanitizer Substitution | ChurchCRM | CRM | High | 8.1 | 2026-04-07 18:00:09 | Deep Dive |
| CVE-2026-39339 | ChurchCRM has an API Authentication Bypass | ChurchCRM | CRM | Critical | 9.1 | 2026-04-07 17:58:50 | Deep Dive |
| CVE-2026-39338 | ChurchCRM has Blind XSS via Global Search – Administrative Cookie Session Exfiltration | ChurchCRM | CRM | - | - | 2026-04-07 17:57:30 | Deep Dive |
| CVE-2026-39336 | ChurchCRM has Stored XSS from unescaped config values in HTML attributes | ChurchCRM | CRM | Medium | 6.1 | 2026-04-07 17:40:55 | Deep Dive |