CVE ID: CVE-2026-40582 | Published: April 18, 2026, 12:16 a.m. | Description: ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the /api/public/user/login endpoint validates only the…
CVE-2026-40581 – ChurchCRM: Cross-Site Request Forgery (CSRF) in SelectDelete.php Leading to Permanent Data Deletion
CVE ID: CVE-2026-40581 | Published: April 18, 2026, 12:16 a.m. | Description: ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the family record deletion endpoint (SelectDelete.php)…
CVE-2026-40484 – ChurchCRM: Authenticated Remote Code Execution via Unrestricted PHP File Write in Database Restore Function
CVE ID: CVE-2026-40484 | Published: April 18, 2026, 12:16 a.m. | Description: ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backup restore functionality extracts…
CVE-2026-40349 – Authenticated Movary User Can Self-Escalate to Administrator via PUT /settings/users/{userId} by Setting isAdmin=true
CVE ID: CVE-2026-40349 | Published: April 18, 2026, 12:16 a.m. | Description: Movary is a self-hosted web app to track and rate a user’s watched movies. Prior to version…
CVE-2026-40324 – Hot Chocolate’s Utf8GraphQLParser has Stack Overflow via Deeply Nested GraphQL Documents
CVE ID: CVE-2026-40324 | Published: April 18, 2026, 12:16 a.m. | Description: Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate’s recursive…
CVE-2026-22734 – Cloud Foundry UAA SAML 2.0 Signature Bypass
CVE ID: CVE-2026-22734 | Published: April 16, 2026, 11:33 p.m. | Description: Cloud Foundry UAA is vulnerable to a bypass that allows an attacker to obtain a token for any…
CVE-2026-40322 – SiYuan: Mermaid `javascript:` Link Injection Leads to Stored XSS and Electron RCE
CVE ID: CVE-2026-40322 | Published: April 16, 2026, 11:16 p.m. | Description: SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered…
CVE-2026-40318 – SiYuan: Publish Reader Path Traversal Delete via `removeUnusedAttributeView`
CVE ID: CVE-2026-40318 | Published: April 16, 2026, 11:16 p.m. | Description: SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and prior, the /api/av/removeUnusedAttributeView endpoint constructs…
CVE-2026-40259 – SiYuan: Publish Reader Can Arbitrarily Delete Attribute View Files via removeUnusedAttributeView API
CVE ID: CVE-2026-40259 | Published: April 16, 2026, 11:16 p.m. | Description: SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api/av/removeUnusedAttributeView endpoint is…
CVE-2026-41113 – Sagredo Qmail TLS Quit Remote Code Execution Vulnerability
CVE ID: CVE-2026-41113 | Published: April 16, 2026, 10:16 p.m. | Description: sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts_auto in qmail-remote.c. Severity:…