Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 11989, Critical: 791, High: 3366, Medium: 3787

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-5736 | HIGH | 7.3 | A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2. Impacted is an unknown function of the file powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/InstanceController.java of the component detailPlus Endpoint. The manipulation of the … | Apr 07, 2026 |
| CVE-2026-39360 | UNKNOWN | — | RustFS is a distributed object storage system built in Rust. Prior to alpha.90, RustFS contains a missing authorization check in the multipart copy path (UploadPartCopy). … | Apr 07, 2026 |
| CVE-2026-39355 | CRITICAL | 9.9 | Genealogy is a family tree PHP application. Prior to 5.9.1, a critical broken access control vulnerability in the genealogy application allows any authenticated user to … | Apr 07, 2026 |
| CVE-2026-39354 | MEDIUM | 6.5 | Scoold is a Q&A and a knowledge sharing platform for teams. Prior to 1.66.2, an authenticated authorization flaw in Scoold allows any logged-in, low-privilege user … | Apr 07, 2026 |
| CVE-2026-39351 | UNKNOWN | — | Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe allows unrestricted Doctype access via API exploit. | Apr 07, 2026 |
| CVE-2026-39349 | UNKNOWN | — | OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, … | Apr 07, 2026 |
| CVE-2026-39348 | UNKNOWN | — | OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source omits authorization on job specification and vacancy attachment download … | Apr 07, 2026 |
| CVE-2026-39347 | UNKNOWN | — | OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source accepts changes to self-appraisal submissions for administrator users after … | Apr 07, 2026 |
| CVE-2026-39346 | UNKNOWN | — | OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source allowed authenticated users to bypass disabled-module access controls via … | Apr 07, 2026 |
| CVE-2026-39345 | UNKNOWN | — | OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source fails to restrict email template file resolution to the … | Apr 07, 2026 |
| CVE-2026-22711 | UNKNOWN | — | Improper neutralization of alternate XSS syntax vulnerability in The Wikimedia Foundation Mediawiki - Wikilove Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - Wikilove Extension: … | Apr 07, 2026 |
| CVE-2025-71058 | UNKNOWN | — | Dual DHCP DNS Server 8.01 improperly accepts and caches UDP DNS responses without validating that the response originates from a legitimate configured upstream DNS server. … | Apr 07, 2026 |
| CVE-2026-39344 | HIGH | 8.1 | ChurchCRM is an open-source church management system. Prior to 7.1.0, there is a Reflected Cross-Site Scripting (XSS) vulnerability on the login page, which is caused … | Apr 07, 2026 |
| CVE-2026-39343 | HIGH | 7.2 | ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability exists in the EditEventTypes.php file, which is only accessible to administrators. … | Apr 07, 2026 |
| CVE-2026-39342 | UNKNOWN | — | ChurchCRM is an open-source church management system. Prior to 7.1.0, the searchwhat parameter via QueryView.php with the QueryID=15 is vulnerable to a SQL injection. The … | Apr 07, 2026 |
| CVE-2026-39341 | HIGH | 8.1 | ChurchCRM is an open-source church management system. Prior to 7.1.0, the application is vulnerable to time-based SQL injection due to improper input validation. Endpoint … | Apr 07, 2026 |
| CVE-2026-39340 | HIGH | 8.1 | ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability exists in PropertyTypeEditor.php, part of the administration functionality for managing property … | Apr 07, 2026 |
| CVE-2026-39339 | CRITICAL | 9.1 | ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical authentication bypass vulnerability in ChurchCRM's API middleware (ChurchCRM/Slim/Middleware/AuthMiddleware.php) allows unauthenticated attackers to access … | Apr 07, 2026 |
| CVE-2026-39338 | UNKNOWN | — | ChurchCRM is an open-source church management system. Prior to 7.1.0, a Blind Reflected Cross-Site Scripting vulnerability exists in the search parameter accepted by the ChurchCRM … | Apr 07, 2026 |
| CVE-2026-39337 | CRITICAL | 10.0 | ChurchCRM is an open-source church management system. Prior to 7.1.0, critical pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject … | Apr 07, 2026 |
| CVE-2026-39336 | MEDIUM | 6.1 | ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting issue affects the Directory Reports form fields set from config, Person … | Apr 07, 2026 |
| CVE-2026-39335 | MEDIUM | 6.1 | ChurchCRM is an open-source church management system. Prior to 7.1.1, there is Stored XSS in group remove control and family editor state/country. This is primarily … | Apr 07, 2026 |
| CVE-2026-39334 | HIGH | 8.8 | ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsIndividual.php in ChurchCRM 7.0.5. Authenticated users … | Apr 07, 2026 |
| CVE-2026-39333 | HIGH | 8.7 | ChurchCRM is an open-source church management system. Prior to 7.1.0, the FindFundRaiser.php endpoint reflects user-supplied input (DateStart and DateEnd) into HTML input field attributes without … | Apr 07, 2026 |
| CVE-2026-39332 | HIGH | 8.7 | ChurchCRM is an open-source church management system. Prior to 7.1.0, a reflected Cross-Site Scripting (XSS) vulnerability in GeoPage.php allows any authenticated user to inject arbitrary … | Apr 07, 2026 |