Vulnerability List
Found 72 results
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2026-24855 | ChurchCRM has Stored Cross-Site Scripting (XSS) in Create Events in Church Calendar, Leading to Account Takeover | ChurchCRM | CRM | - | - | 2026-01-30 15:08:31 |
| CVE-2026-24854 | Church CRM has SQL injection in PaddleNumEditor.php | ChurchCRM | CRM | High | 8.8 | 2026-01-30 15:05:12 |
| CVE-2025-68275 | ChurchCRM vulnerable to Stored XSS - Group name > Person Listing | ChurchCRM | CRM | - | - | 2025-12-17 21:53:23 |
| CVE-2025-68401 | ChurchCRM has Stored Cross-Site Scripting (XSS) vulnerability that leads to session theft and account takeover | ChurchCRM | CRM | - | - | 2025-12-17 21:48:29 |
| CVE-2025-68400 | ChurchCRM vulnerable to time-based blind SQL Injection in ConfirmReportEmail.php | ChurchCRM | CRM | - | - | 2025-12-17 21:42:21 |
| CVE-2025-68399 | ChurchCRM has Stored Cross-Site Scripting (XSS) In GroupEditor.php | ChurchCRM | CRM | - | - | 2025-12-17 21:40:23 |
| CVE-2025-68112 | ChurchCRM has SQL injection in EditEventAttendees.php | ChurchCRM | CRM | Critical | 9.6 | 2025-12-17 21:38:24 |
| CVE-2025-68111 | ChurchCRM has SQL Injection in eGive Import Feature | ChurchCRM | CRM | High | 7.2 | 2025-12-17 21:35:11 |
| CVE-2025-68110 | ChurchCRM discloses database information on error message | ChurchCRM | CRM | Critical | 9.9 | 2025-12-17 21:33:36 |
| CVE-2025-68109 | ChurchCRM vulnerable to RCE with database restore functionality | ChurchCRM | CRM | Critical | 9.1 | 2025-12-17 21:29:39 |
| CVE-2025-67877 | ChurchCRM SQL Injection Vulnerability | ChurchCRM | CRM | - | - | 2025-12-17 21:25:18 |
| CVE-2025-67876 | ChurchCRM has Stored XSS in Group Role Name Leading to Admin Session Hijacking | ChurchCRM | CRM | - | - | 2025-12-17 21:18:21 |
| CVE-2025-67875 | ChurchCRM has stored XSS via Person Property Assignment Leading to Admin Session Hijacking | ChurchCRM | CRM | - | - | 2025-12-17 21:16:16 |
| CVE-2025-66397 | ChurchCRM's Kiosk Manager Functions are vulnerable to Broken Access Control | ChurchCRM | CRM | High | 8.3 | 2025-12-17 19:12:42 |
| CVE-2025-66396 | ChurchCRM has SQL Injection in User Editor via `type` Parameter Key | ChurchCRM | CRM | High | 7.2 | 2025-12-17 19:10:50 |
| CVE-2025-66395 | SQL Injection in Event List via `WhichType` Parameter | ChurchCRM | CRM | High | 8.8 | 2025-12-17 19:04:45 |
| CVE-2025-62521 | ChurchCRM has unauthenticated RCE in its Install Wizard | ChurchCRM | CRM | Critical | 10.0 | 2025-12-17 19:03:20 |
| CVE-2025-67751 | ChurchCRM has SQL Injection in Event Editor via `EN_tyid` Parameter caused by an Incomplete Fix | ChurchCRM | CRM | High | 7.2 | 2025-12-16 00:46:31 |
| CVE-2025-67874 | ChurchCRM has plaintext password return in response | ChurchCRM | CRM | - | - | 2025-12-16 00:44:44 |
| CVE-2025-66313 | ChurchCRM vulnerable to a time-based blind SQL injection via the 1FieldSec parameter | ChurchCRM | CRM | - | - | 2025-12-01 22:13:20 |