CVE ID: CVE-2026-29206
Published: May 13, 2026, 11:16 p.m. | 1 hour, 9 minutes ago
Description: Insufficient sanitization of SQL queries in the `sqloptimizer` utility script allows SQL Injections on behalf of the…
CVE-2026-45158 – OPNsense: Command Injection via Attacker-Controlled DHCP Config
CVE ID: CVE-2026-45158
Published: May 13, 2026, 10:16 p.m. | 2 hours, 8 minutes ago
Description: OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, unsanitized user input is passed…
CVE-2026-44447 – ERPNext: Possibility of SQL Injection due to missing validation
CVE ID: CVE-2026-44447
Published: May 13, 2026, 10:16 p.m. | 2 hours, 8 minutes ago
Description: ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.0, some endpoints were…
CVE-2026-44446 – ERPNext: Possibility of SQL Injection due to missing validation
CVE ID: CVE-2026-44446
Published: May 13, 2026, 10:16 p.m. | 2 hours, 8 minutes ago
Description: ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.14.0, some…
CVE-2026-44442 – ERPNext: Unauthorised Document modification due to missing validation
CVE ID: CVE-2026-44442
Published: May 13, 2026, 10:16 p.m. | 2 hours, 8 minutes ago
Description: ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed…
CVE-2026-44548 – ChurchCRM: CSRF via legacy GET-delete pages (FundRaiserDelete.php, PropertyTypeDelete.php, NoteDelete.php)
CVE ID: CVE-2026-44548
Published: May 12, 2026, 11:16 p.m. | 1 hour, 9 minutes ago
Description: ChurchCRM is an open-source church management system. Prior to 7.3.2, top-level cross-site GET navigation from an attacker-controlled…
CVE-2026-44547 – ChurchCRM: Incomplete fix for CVE-2026-40582: public API login still bypasses 2FA and account lockout in ChurchCRM 7.2.2
CVE ID: CVE-2026-44547
Published: May 12, 2026, 11:16 p.m. | 1 hour, 9 minutes ago
Description: ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, the fix for CVE-2026-4058 is incomplete….
CVE-2026-42289 – ChurchCRM: Cross-Site Request Forgery (CSRF) Leading to Admin Privilege Escalation
CVE ID: CVE-2026-42289
Published: May 12, 2026, 11:16 p.m. | 1 hour, 9 minutes ago
Description: ChurchCRM is an open-source church management system. Prior to 7.3.2, UserEditor.php processes user account creation and permission…
CVE-2026-42288 – ChurchCRM: Incomplete fix for CVE-2026-39337: Unauthenticated RCE in Setup Wizard via unsanitized DB_PASSWORD
CVE ID: CVE-2026-42288
Published: May 12, 2026, 11:16 p.m. | 1 hour, 9 minutes ago
Description: ChurchCRM is an open-source church management system. Prior to 7.3.2, the fix for CVE-2026-39337 is incomplete. The…
CVE-2026-41901 – Thymeleaf: Improper recognition of unauthorized syntax patterns in sandboxed Thymeleaf expressions
CVE ID: CVE-2026-41901
Published: May 12, 2026, 11:16 p.m. | 1 hour, 9 minutes ago
Description: Thymeleaf is a server-side Java template engine for web and standalone environments. Prior to 3.1.5.RELEASE, a security…