| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-11939 | ChurchCRM Backup Restore RestoreJob.php path traversal | - | ChurchCRM | Medium | 4.7 | 2025-10-19 08:02:06 | Deep Dive |
| CVE-2025-11938 | ChurchCRM setup.php deserialization | - | ChurchCRM | Medium | 5.6 | 2025-10-19 07:32:06 | Deep Dive |
| CVE-2025-11529 | ChurchCRM API Endpoint AuthMiddleware.php AuthMiddleware missing authentication | - | ChurchCRM | High | 7.3 | 2025-10-09 03:02:12 | Deep Dive |
| CVE-2025-3954 | ChurchCRM Referer server-side request forgery | - | ChurchCRM | Low | 3.7 | 2025-04-26 21:31:04 | Deep Dive |
| CVE-2025-1135 | SQL Injection in ChurchCRM CurrentFundraiser Parameter via BatchWinnerEntry.php | ChurchCRM | ChurchCRM | 中危 | - | 2025-02-19 09:01:59 | Deep Dive |
| CVE-2025-1134 | SQL Injection in ChurchCRM CurrentFundraiser Parameter via DonatedItemEditor.php | ChurchCRM | ChurchCRM | 中危 | - | 2025-02-19 08:58:09 | Deep Dive |
| CVE-2025-1133 | SQL Injection in ChurchCRM EID Parameter via EditEventAttendees.php | ChurchCRM | ChurchCRM | 超危 | - | 2025-02-19 08:52:43 | Deep Dive |
| CVE-2025-1132 | SQL Injection in ChurchCRM EN_tyid Parameter via EditEventAttendees.php | ChurchCRM | ChurchCRM | 中危 | - | 2025-02-19 08:47:13 | Deep Dive |
| CVE-2025-1024 | Session Hijacking via Reflected Cross-Site Scripting (XSS) in ChurchCRM EditEventAttendees.php EID Parameter | ChurchCRM | ChurchCRM | 中危 | - | 2025-02-19 08:34:56 | Deep Dive |
| CVE-2025-1023 | SQL Injection in ChurchCRM newCountName Parameter via EditEventTypes.php | ChurchCRM | ChurchCRM | 中危 | - | 2025-02-18 09:45:26 | Deep Dive |
| CVE-2025-0981 | Session Hijacking via Stored Cross-Site Scripting (XSS) in ChurchCRM GroupEditor.php Description Field | ChurchCRM | ChurchCRM | 中危 | - | 2025-02-18 09:33:54 | Deep Dive |
| CVE-2024-39304 | ChurchCRM SQL Injection Vulnerability | ChurchCRM | CRM | High | 8.8 | 2024-07-26 17:31:38 | Deep Dive |