| 1441 | 8.1 | HIGH Network | - | - | ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the family record deletion endpoint (SelectDelete.php) performs permanent, irreversible deletion of family records an… | CWE-352 CWE-862 Origin Validation Error Missing Authorization | CVE-2026-40581 | 2026-04-21 03:59 | 2026-04-18 |
| 1442 | - | | - | - | ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the /api/public/user/login endpoint validates only the username and password before returning the user's API key, byp… | CWE-288 CWE-305 Authentication Bypass Using an Alternate Path or Channel Authentication Bypass by Primary Weakness | CVE-2026-40582 | 2026-04-21 03:59 | 2026-04-18 |
| 1443 | 4.8 | MEDIUM Network | - | - | ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the User Editor (UserEditor.php) renders stored usernames directly into an HTML input value attribute without applyin… | CWE-79 CWE-116 Cross-site Scripting Improper Encoding or Escaping of Output | CVE-2026-40593 | 2026-04-21 03:59 | 2026-04-18 |
| 1444 | - | | - | - | editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ec_glob() that allo… | CWE-121 CWE-787 Stack-based Buffer Overflow Out-of-bounds Write | CVE-2026-40489 | 2026-04-21 03:59 | 2026-04-18 |
| 1445 | 6.8 | MEDIUM Network | - | - | The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When redirect following is enabled (followRedirect(true)), versio… | CWE-200 Information Exposure | CVE-2026-40490 | 2026-04-21 03:59 | 2026-04-18 |
| 1446 | 5.3 | MEDIUM Network | - | - | OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.11.0 and prior to version 2.0.13, the /api… | CWE-204 Response Discrepancy Information Exposure | CVE-2026-24468 | 2026-04-21 03:59 | 2026-04-21 |
| 1447 | 9.8 | CRITICAL Network | - | - | SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302, the TGA codec's RLE de… | CWE-787 Out-of-bounds Write | CVE-2026-40494 | 2026-04-21 03:55 | 2026-04-18 |
| 1448 | 9.8 | CRITICAL Network | - | - | SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves… | CWE-787 Out-of-bounds Write | CVE-2026-40492 | 2026-04-21 03:55 | 2026-04-18 |
| 1449 | 9.8 | CRITICAL Network | - | - | SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes… | CWE-787 Out-of-bounds Write | CVE-2026-40493 | 2026-04-21 03:55 | 2026-04-18 |
| 1450 | 8.8 | HIGH Network | - | - | Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileged fields on their own profile. Attacker… | CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes | CVE-2026-34427 | 2026-04-21 03:54 | 2026-04-21 |