| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-39334 | ChurchCRM has a Blind SQL injection in SettingsIndividual.php | ChurchCRM | CRM | High | 8.8 | 2026-04-07 17:38:45 | Deep Dive |
| CVE-2026-39333 | ChurchCRM has Reflected XSS in DateStart/DateEnd parameters in FindFundRaiser.php | ChurchCRM | CRM | High | 8.7 | 2026-04-07 17:38:03 | Deep Dive |
| CVE-2026-39332 | ChurchCRM has Reflected Cross-Site Scripting (XSS) in GeoPage.php | ChurchCRM | CRM | High | 8.7 | 2026-04-07 17:37:24 | Deep Dive |
| CVE-2026-39331 | ChurchCRM has an API Authorization Bypass Allows Authenticated User to Deactivate, Modify, and Spam Arbitrary Families | ChurchCRM | CRM | High | 8.1 | 2026-04-07 17:36:42 | Deep Dive |
| CVE-2026-39330 | ChurchCRM has a Blind SQL injection in PropertyAssign.php | ChurchCRM | CRM | High | 8.8 | 2026-04-07 17:34:30 | Deep Dive |
| CVE-2026-39329 | ChurchCRM has a Blind SQL injection in EventNames.php | ChurchCRM | CRM | High | 8.8 | 2026-04-07 17:33:30 | Deep Dive |
| CVE-2026-39328 | ChurchCRM has Stored XSS in Social Profile Fields | ChurchCRM | CRM | High | 8.9 | 2026-04-07 17:32:41 | Deep Dive |
| CVE-2026-39327 | ChurchCRM has a SQL injection in MemberRoleChange.php | ChurchCRM | CRM | High | 8.8 | 2026-04-07 17:31:37 | Deep Dive |
| CVE-2026-39326 | ChurchCRM has a Blind SQL injection in PropertyTypeEditor.php | ChurchCRM | CRM | High | 8.8 | 2026-04-07 17:30:58 | Deep Dive |
| CVE-2026-39325 | ChurchCRM has a Blind SQL injection in SettingsUser.php | ChurchCRM | CRM | High | 7.2 | 2026-04-07 17:29:20 | Deep Dive |
| CVE-2026-39318 | ChurchCRM has a DDL SQL Injection in GroupPropsFormRowOps.php | ChurchCRM | CRM | High | 8.8 | 2026-04-07 17:27:51 | Deep Dive |
| CVE-2026-39335 | ChurchCRM has Stored XSS via Unescaped data-* Attributes in Group/Family Controls | ChurchCRM | CRM | Medium | 6.1 | 2026-04-07 17:23:09 | Deep Dive |
| CVE-2026-35576 | ChurchCRM has Stored Cross-Site Scripting (XSS) in Person Properties via PrintView.php | ChurchCRM | CRM | High | 8.7 | 2026-04-07 17:11:25 | Deep Dive |
| CVE-2026-35575 | ChurchCRM has Stored XSS in Group Name | ChurchCRM | CRM | High | 8.0 | 2026-04-07 17:08:43 | Deep Dive |
| CVE-2026-35572 | SSRF via Referer header in ChurchCRM allows server-side HTTP/HTTPS requests to arbitrary hosts | ChurchCRM | CRM | - | - | 2026-04-07 17:07:58 | Deep Dive |
| CVE-2026-35573 | ChurchCRM has a Path traversal leads to RCE | ChurchCRM | CRM | Critical | 9.1 | 2026-04-07 17:06:07 | Deep Dive |
| CVE-2026-35574 | ChurchCRM has a Stored XSS in Person Profile - Add a Note | ChurchCRM | CRM | High | 7.3 | 2026-04-07 17:04:21 | Deep Dive |
| CVE-2026-35534 | ChurchCRM has Stored XSS in PersonView.php via Facebook Field Attribute Injection | ChurchCRM | CRM | High | 7.6 | 2026-04-07 15:47:44 | Deep Dive |
| CVE-2026-32880 | ChurchCRM is vulnerable to Stored XSS through JSON handling in SystemSettings.php | ChurchCRM | CRM | Medium | 6.4 | 2026-03-20 01:04:08 | Deep Dive |
| CVE-2026-26059 | ChurchCRM has Stored Cross-Site Scripting (XSS) in GroupEditor.php | ChurchCRM | CRM | Medium | - | 2026-02-19 18:45:53 | Deep Dive |