NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID	Description	Published	Base Score	Attack Vector	Severity	Actions
CVE-2025-71058	Dual DHCP DNS Server 8.01 improperly accepts and caches UDP DNS responses without validating that the response originates from a legitimate configured...	2026-04-07	9.1	NETWORK	CRITICAL	NVD
CVE-2026-39344	ChurchCRM is an open-source church management system. Prior to 7.1.0, there is a Reflected Cross-Site Scripting (XSS) vulnerability on the login page,...	2026-04-07	N/A	None	None	NVD
CVE-2026-39343	ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability exists in the EditEventTypes.php file, which is on...	2026-04-07	7.2	NETWORK	HIGH	NVD
CVE-2026-39342	ChurchCRM is an open-source church management system. Prior to 7.1.0, the searchwhat parameter via QueryView.php with the QueryID=15 is vulnerable to ...	2026-04-07	8.8	NETWORK	HIGH	NVD
CVE-2026-39341	ChurchCRM is an open-source church management system. Prior to 7.1.0, the application is vulnerable to time-based SQL injection due to an improper inp...	2026-04-07	8.1	NETWORK	HIGH	NVD
CVE-2026-39340	ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability exists in PropertyTypeEditor.php, part of the admi...	2026-04-07	8.1	NETWORK	HIGH	NVD
CVE-2026-39339	ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical authentication bypass vulnerability in ChurchCRM's API middleware (C...	2026-04-07	9.1	NETWORK	CRITICAL	NVD
CVE-2026-39338	ChurchCRM is an open-source church management system. Prior to 7.1.0, a Blind Reflected Cross-Site Scripting vulnerability exists in the search parame...	2026-04-07	6.1	NETWORK	MEDIUM	NVD
CVE-2026-39337	ChurchCRM is an open-source church management system. Prior to 7.1.0, critical pre-authentication remote code execution vulnerability in ChurchCRM's s...	2026-04-07	10.0	NETWORK	CRITICAL	NVD
CVE-2026-39336	ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting issue affects the Directory Reports form fields se...	2026-04-07	6.1	NETWORK	MEDIUM	NVD
CVE-2026-39335	ChurchCRM is an open-source church management system. Prior to 7.1.1, there is Stored XSS in group remove control and family editor state/country. Thi...	2026-04-07	6.1	NETWORK	MEDIUM	NVD
CVE-2026-39334	ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsIndividual.php...	2026-04-07	8.8	NETWORK	HIGH	NVD
CVE-2026-39333	ChurchCRM is an open-source church management system. Prior to 7.1.0, he FindFundRaiser.php endpoint reflects user-supplied input (DateStart and DateE...	2026-04-07	8.7	NETWORK	HIGH	NVD
CVE-2026-39332	ChurchCRM is an open-source church management system. Prior to 7.1.0, a reflected Cross-Site Scripting (XSS) vulnerability in GeoPage.php allows any a...	2026-04-07	8.7	NETWORK	HIGH	NVD
CVE-2026-39331	ChurchCRM is an open-source church management system. Prior to 7.1.0, an authenticated API user can modify any family record's state without proper au...	2026-04-07	8.1	NETWORK	HIGH	NVD

Loading vulnerability details...

Description

EPSS Score

N/A

Exploit Prediction Scoring System

Dates

Published:

Last Modified:

CVSS v3.1 metrics not available for this vulnerability.

CVSS v4.0 metrics not available for this vulnerability.

CVSS v2.0 metrics not available for this vulnerability.

Weakness Information (CWE)

No CWE information available for this vulnerability.

Affected Products

No affected product information available for this vulnerability.

References

No references available for this vulnerability.