Vulnerability List
Found 401 results

| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2025-68401 | ChurchCRM has Stored Cross-Site Scripting (XSS) vulnerability that leads to session theft and account takeover | ChurchCRM | CRM | - | - | 2025-12-17 21:48:29 |
| CVE-2025-68400 | ChurchCRM vulnerable to time-based blind SQL Injection in ConfirmReportEmail.php | ChurchCRM | CRM | - | - | 2025-12-17 21:42:21 |
| CVE-2025-68399 | ChurchCRM has Stored Cross-Site Scripting (XSS) In GroupEditor.php | ChurchCRM | CRM | - | - | 2025-12-17 21:40:23 |
| CVE-2025-68112 | ChurchCRM has SQL injection in EditEventAttendees.php | ChurchCRM | CRM | Critical | 9.6 | 2025-12-17 21:38:24 |
| CVE-2025-68111 | ChurchCRM has SQL Injection in eGive Import Feature | ChurchCRM | CRM | High | 7.2 | 2025-12-17 21:35:11 |
| CVE-2025-68110 | ChurchCRM discloses database information on error message | ChurchCRM | CRM | Critical | 9.9 | 2025-12-17 21:33:36 |
| CVE-2025-68109 | ChurchCRM vulnerable to RCE with database restore functionality | ChurchCRM | CRM | Critical | 9.1 | 2025-12-17 21:29:39 |
| CVE-2025-67877 | ChurchCRM SQL Injection Vulnerability | ChurchCRM | CRM | - | - | 2025-12-17 21:25:18 |
| CVE-2025-67876 | ChurchCRM has Stored XSS in Group Role Name Leading to Admin Session Hijacking | ChurchCRM | CRM | - | - | 2025-12-17 21:18:21 |
| CVE-2025-67875 | ChurchCRM has stored XSS via Person Property Assignment Leading to Admin Session Hijacking | ChurchCRM | CRM | - | - | 2025-12-17 21:16:16 |
| CVE-2025-66397 | ChurchCRM's Kiosk Manager Functions are vulnerable to Broken Access Control | ChurchCRM | CRM | High | 8.3 | 2025-12-17 19:12:42 |
| CVE-2025-66396 | ChurchCRM has SQL Injection in User Editor via `type` Parameter Key | ChurchCRM | CRM | High | 7.2 | 2025-12-17 19:10:50 |
| CVE-2025-66395 | SQL Injection in Event List via `WhichType` Parameter | ChurchCRM | CRM | High | 8.8 | 2025-12-17 19:04:45 |
| CVE-2025-62521 | ChurchCRM has unauthenticated RCE in its Install Wizard | ChurchCRM | CRM | Critical | 10.0 | 2025-12-17 19:03:20 |
| CVE-2025-67751 | ChurchCRM has SQL Injection in Event Editor via `EN_tyid` Parameter caused by an Incomplete Fix | ChurchCRM | CRM | High | 7.2 | 2025-12-16 00:46:31 |
| CVE-2025-67874 | ChurchCRM has plaintext password return in response | ChurchCRM | CRM | - | - | 2025-12-16 00:44:44 |
| CVE-2025-12696 | HelloLeads CRM Form Shortcode <= 1.0 - Unauthenticated Settings Reset | Unknown | HelloLeads CRM Form Shortcode | - | - | 2025-12-14 06:00:03 |
| CVE-2025-13092 | Devs CRM – Manage tasks, attendance and teams all together <= 1.1.8 - Unauthenticated Information Expsoure | ajitdas | Devs CRM – Manage tasks, attendance and teams all together | Medium | 5.3 | 2025-12-13 04:31:33 |
| CVE-2025-13093 | Devs CRM – Manage tasks, attendance and teams all together <= 1.1.8 - Missing Authorization to Unauthenticated Lead Tag Update | ajitdas | Devs CRM – Manage tasks, attendance and teams all together | Medium | 5.3 | 2025-12-13 04:31:27 |
| CVE-2025-62740 | WordPress WP-CRM System plugin <= 3.4.6 - Broken Access Control vulnerability | Mario Peshev | WP-CRM System | - | - | 2025-12-09 14:52:23 |