Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 11989 | Critical: 791 | High: 3366 | Medium: 3787
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-39331 | HIGH | 8.1 | ChurchCRM is an open-source church management system. Prior to 7.1.0, an authenticated API user can modify any family record's state without proper authorization by simply … | Apr 07, 2026 |
| CVE-2026-39330 | HIGH | 8.8 | ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /PropertyAssign.php in ChurchCRM. Authenticated users with … | Apr 07, 2026 |
| CVE-2026-39329 | HIGH | 8.8 | ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was identified in /EventNames.php in ChurchCRM. Authenticated users with AddEvent privileges … | Apr 07, 2026 |
| CVE-2026-39328 | HIGH | 8.9 | ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in ChurchCRM's person profile editing functionality. Non-administrative users who … | Apr 07, 2026 |
| CVE-2026-39327 | HIGH | 8.8 | ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /MemberRoleChange.php in ChurchCRM 7.0.5. Authenticated users … | Apr 07, 2026 |
| CVE-2026-39326 | HIGH | 8.8 | ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /PropertyTypeEditor.php in ChurchCRM. Authenticated users with … | Apr 07, 2026 |
| CVE-2026-39325 | HIGH | 7.2 | ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsUser.php in ChurchCRM 7.0.5. Authenticated administrative … | Apr 07, 2026 |
| CVE-2026-39324 | UNKNOWN | — | Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption … | Apr 07, 2026 |
| CVE-2026-39323 | HIGH | 8.8 | ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical SQL injection vulnerability exists in ChurchCRM's PropertyTypeEditor.php where the Name and Description POST … | Apr 07, 2026 |
| CVE-2026-39321 | UNKNOWN | — | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.8.0-alpha.6 and 8.6.74, the login … | Apr 07, 2026 |
| CVE-2026-39319 | HIGH | 8.8 | ChurchCRM is an open-source church management system. Prior to 7.1.0, a second order SQL injection vulnerability was found in the endpoint /FundRaiserEditor.php in ChurchCRM. A … | Apr 07, 2026 |
| CVE-2026-39318 | HIGH | 8.8 | ChurchCRM is an open-source church management system. Prior to 7.1.0, the GroupPropsFormRowOps.php file contains a SQL injection vulnerability. User input in the Field parameter is … | Apr 07, 2026 |
| CVE-2026-39317 | HIGH | 8.8 | ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability exists in ChurchCRM's SettingsIndividual.php where user-controlled array keys from the type … | Apr 07, 2026 |
| CVE-2026-35576 | HIGH | 8.7 | ChurchCRM is an open-source church management system. Prior to 7.0.0, a stored cross-site scripting (XSS) vulnerability exists in ChurchCRM within the Person Property Management subsystem. … | Apr 07, 2026 |
| CVE-2026-35575 | HIGH | 8.0 | ChurchCRM is an open-source church management system. Prior to 6.5.3, a Stored Cross-Site Scripting (Stored XSS) vulnerability in the admin panel’s group-creation feature allows any … | Apr 07, 2026 |
| CVE-2026-35573 | CRITICAL | 9.1 | ChurchCRM is an open-source church management system. Prior to 6.5.3, a path traversal vulnerability in ChurchCRM's backup restore functionality allows authenticated administrators to upload arbitrary … | Apr 07, 2026 |
| CVE-2026-35572 | UNKNOWN | — | ChurchCRM is an open-source church management system. Prior to 6.5.3, it is possible to trigger server-side HTTP/HTTPS requests to arbitrary hosts (SSRF) by supplying a … | Apr 07, 2026 |
| CVE-2026-31272 | UNKNOWN | — | MRCMS 3.1.2 contains an access control vulnerability. The save() method in src/main/java/org/marker/mushroom/controller/UserController.java lacks proper authorization validation, enabling direct addition of super administrator accounts without authentication. | Apr 07, 2026 |
| CVE-2026-31271 | UNKNOWN | — | megagao production_ssm v1.0 contains an authorization bypass vulnerability in the user addition functionality. The insert() method in UserController.java lacks authentication checks, allowing unauthenticated attackers to … | Apr 07, 2026 |
| CVE-2026-24175 | HIGH | 7.5 | NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request header to the server. A … | Apr 07, 2026 |
| CVE-2026-24174 | HIGH | 7.5 | NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request to the server. A successful … | Apr 07, 2026 |
| CVE-2026-24173 | HIGH | 7.5 | NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request to the server. A successful … | Apr 07, 2026 |
| CVE-2026-24156 | HIGH | 7.3 | NVIDIA DALI contains a vulnerability where an attacker could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to arbitrary … | Apr 07, 2026 |
| CVE-2026-24147 | MEDIUM | 4.8 | NVIDIA Triton Inference Server contains a vulnerability in triton server where an attacker may cause an information disclosure by uploading a model configuration. A successful … | Apr 07, 2026 |
| CVE-2026-24146 | HIGH | 7.5 | NVIDIA Triton Inference Server contains a vulnerability where insufficient input validation and a large number of outputs could cause a server crash. A successful exploit … | Apr 07, 2026 |