CVE ID :CVE-2026-44212 Published : May 14, 2026, 9:16 p.m. | 3 hours, 8 minutes ago Description :PrestaShop is an open source e-commerce web application. Prior to 8.2.6 and 9.1.1, there is a stored…
CVE-2026-42327 – rust-openssl: undefined behavior in X509Ref::ocsp_responders for certificates with non-UTF-8 OCSP URLs
CVE ID :CVE-2026-42327 Published : May 14, 2026, 9:16 p.m. | 3 hours, 9 minutes ago Description :rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocsp_responders returns OCSP…
CVE-2026-29206 – Apache sqloptimizer SQL Injection Vulnerability
CVE ID :CVE-2026-29206 Published : May 13, 2026, 11:16 p.m. | 1 hour, 9 minutes ago Description :Insufficient sanitization of SQL queries in the `sqloptimizer` utility script allows SQL Injections on behalf of the…
CVE-2026-45158 – OPNsense: Command Injection via Attacker-Controlled DHCP Config
CVE ID :CVE-2026-45158 Published : May 13, 2026, 10:16 p.m. | 2 hours, 8 minutes ago Description :OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, unsanitized user input is passed…
CVE-2026-44447 – ERPNext: Possibility of SQL Injection due to missing validation
CVE ID :CVE-2026-44447 Published : May 13, 2026, 10:16 p.m. | 2 hours, 8 minutes ago Description :ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.0, some endpoints were…
CVE-2026-44446 – ERPNext: Possibility of SQL Injection due to missing validation
CVE ID :CVE-2026-44446 Published : May 13, 2026, 10:16 p.m. | 2 hours, 8 minutes ago Description :ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.14.0, some…
CVE-2026-44442 – ERPNext: Unauthorised Document modification due to missing validation
CVE ID :CVE-2026-44442 Published : May 13, 2026, 10:16 p.m. | 2 hours, 8 minutes ago Description :ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.1, certain endpoints failed…
CVE-2026-44548 – ChurchCRM: CSRF via legacy GET-delete pages (FundRaiserDelete.php, PropertyTypeDelete.php, NoteDelete.php)
CVE ID :CVE-2026-44548 Published : May 12, 2026, 11:16 p.m. | 1 hour, 9 minutes ago Description :ChurchCRM is an open-source church management system. Prior to 7.3.2, top-level cross-site GET navigation from an attacker-controlled…
CVE-2026-44547 – ChurchCRM: Incomplete fix for CVE-2026-40582: public API login still bypasses 2FA and account lockout in ChurchCRM 7.2.2
CVE ID :CVE-2026-44547 Published : May 12, 2026, 11:16 p.m. | 1 hour, 9 minutes ago Description :ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, The fix for CVE-2026-4058 is incomplete….
CVE-2026-42289 – ChurchCRM: Cross-Site Request Forgery (CSRF) Leading to Admin Privilege Escalation
CVE ID :CVE-2026-42289 Published : May 12, 2026, 11:16 p.m. | 1 hour, 9 minutes ago Description :ChurchCRM is an open-source church management system. Prior to 7.3.2, UserEditor.php processes user account creation and permission…