|
1431
|
2.4 |
LOW
Physics
|
-
|
-
|
libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack.c` (lines 884–885). When processing a se…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-40336
|
2026-04-21 04:00 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1432
|
5.2 |
MEDIUM
Physics
|
-
|
-
|
libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in the PTP_DPFF_Enumeration case of `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-40338
|
2026-04-21 04:00 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1433
|
5.2 |
MEDIUM
Physics
|
-
|
-
|
libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack.c` (line 842). The function read…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-40339
|
2026-04-21 04:00 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1434
|
6.1 |
MEDIUM
Physics
|
-
|
-
|
libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read vulnerability in `ptp_unpack_OI()` in `camlibs/ptp2/ptp-pack.c` (lines 530–563). The …
|
CWE-125
Out-of-bounds Read
|
CVE-2026-40340
|
2026-04-21 04:00 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1435
|
3.5 |
LOW
Physics
|
-
|
-
|
libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptp_unpack_EOS_FocusInfoEx could be used to crash libgphoto2 when processing input f…
|
CWE-126
Buffer Over-read
|
CVE-2026-40341
|
2026-04-21 04:00 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1436
|
- |
|
-
|
-
|
ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the GET /api/person/{personId} endpoint loads and returns person records without performing object-level authorizatio…
|
CWE-639
CWE-862
Authorization Bypass Through User-Controlled Key
Missing Authorization
|
CVE-2026-40480
|
2026-04-21 03:59 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1437
|
- |
|
-
|
-
|
ChurchCRM is an open-source church management system. Versions prior to 7.2.0 have SQL injection in FinancialService::getMemberByScanString() via unsanitized $routeAndAccount concatenated into raw SQ…
|
CWE-89
SQL Injection
|
CVE-2026-40482
|
2026-04-21 03:59 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1438
|
5.4 |
MEDIUM
Network
|
-
|
-
|
ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the Pledge Editor renders donation comment values directly into HTML input value attributes without escaping via html…
|
CWE-79
CWE-116
Cross-site Scripting
Improper Encoding or Escaping of Output
|
CVE-2026-40483
|
2026-04-21 03:59 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1439
|
9.1 |
CRITICAL
Network
|
-
|
-
|
ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backup restore functionality extracts uploaded archive contents and copies files from the Images/ direct…
|
CWE-269
CWE-434
CWE-552
Improper Privilege Management
Unrestricted Upload of File with Dangerous Type
Files or Directories Accessible to External Parties
|
CVE-2026-40484
|
2026-04-21 03:59 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1440
|
5.3 |
MEDIUM
Network
|
-
|
-
|
ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the public API login endpoint (/api/public/user/login) returns distinguishable HTTP response codes based on whether a…
|
CWE-204
CWE-307
Response Discrepancy Information Exposure
mproper Restriction of Excessive Authentication Attempts
|
CVE-2026-40485
|
2026-04-21 03:59 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
