CVE ID: CVE-2026-44548 | Published: May 12, 2026, 11:16 p.m. | 1 hour, 9 minutes ago | Description: ChurchCRM is an open-source church management system. Prior to 7.3.2, top-level cross-site GET navigation from an attacker-controlled…
CVE-2026-44547 – ChurchCRM: Incomplete fix for CVE-2026-40582: public API login still bypasses 2FA and account lockout in ChurchCRM 7.2.2
CVE ID: CVE-2026-44547 | Published: May 12, 2026, 11:16 p.m. | 1 hour, 9 minutes ago | Description: ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, the fix for CVE-2026-4058 is incomplete…
CVE-2026-42289 – ChurchCRM: Cross-Site Request Forgery (CSRF) Leading to Admin Privilege Escalation
CVE ID: CVE-2026-42289 | Published: May 12, 2026, 11:16 p.m. | 1 hour, 9 minutes ago | Description: ChurchCRM is an open-source church management system. Prior to 7.3.2, UserEditor.php processes user account creation and permission…
CVE-2026-42288 – ChurchCRM: Incomplete fix for CVE-2026-39337: Unauthenticated RCE in Setup Wizard via unsanitized DB_PASSWORD
CVE ID: CVE-2026-42288 | Published: May 12, 2026, 11:16 p.m. | 1 hour, 9 minutes ago | Description: ChurchCRM is an open-source church management system. Prior to 7.3.2, the fix for CVE-2026-39337 is incomplete. The…
CVE-2026-41901 – Thymeleaf: Improper recognition of unauthorized syntax patterns in sandboxed Thymeleaf expressions
CVE ID: CVE-2026-41901 | Published: May 12, 2026, 11:16 p.m. | 1 hour, 9 minutes ago | Description: Thymeleaf is a server-side Java template engine for web and standalone environments. Prior to 3.1.5.RELEASE, a security…
CVE-2026-43913 – Vaultwarden: Unconfirmed Owner Can Purge Entire Organization Vault
CVE ID: CVE-2026-43913 | Published: May 11, 2026, 11:20 p.m. | 1 hour, 5 minutes ago | Description: Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden allows an unconfirmed organization owner…
CVE-2026-43912 – Vaultwarden: Cross-Org Group Binding Enables Unauthorized Read And Write Access Into Another Organization
CVE ID: CVE-2026-43912 | Published: May 11, 2026, 11:20 p.m. | 1 hour, 5 minutes ago | Description: Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden does not enforce that a…
CVE-2026-43900 – DeepChat: Persistent DOM XSS via HTML Entity Encoding in “ SVG Rendering (Bypass of `svgSanitizer.ts`)
CVE ID: CVE-2026-43900 | Published: May 11, 2026, 11:20 p.m. | 1 hour, 5 minutes ago | Description: DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1,…
CVE-2026-43899 – DeepChat: Incomplete Fix for CVE-2025-55733 leads to Remote Code Execution via Markdown Links bypassing `isValidExternalUrl`
CVE ID: CVE-2026-43899 | Published: May 11, 2026, 11:20 p.m. | 1 hour, 5 minutes ago | Description: DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1,…
CVE-2026-34963 – barebox EFI PE Loader Memory Safety Vulnerabilities
CVE ID: CVE-2026-34963 | Published: May 11, 2026, 11:19 p.m. | 1 hour, 5 minutes ago | Description: barebox versions prior to 2026.04.0 contain multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where…