NVD Vulnerabilities

Vulnerability Database

| CVE ID | Description | Published | Base Score | Attack Vector | Severity | Actions |
|---|---|---|---|---|---|---|
| CVE-2026-39330 | ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /PropertyAssign.php in ... | 2026-04-07 | 8.8 | NETWORK | HIGH | NVD |
| CVE-2026-39329 | ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was identified in /EventNames.php in ChurchCRM. A... | 2026-04-07 | 8.8 | NETWORK | HIGH | NVD |
| CVE-2026-39328 | ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in ChurchCRM's person profile... | 2026-04-07 | 8.9 | NETWORK | HIGH | NVD |
| CVE-2026-39327 | ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /MemberRoleChange.php i... | 2026-04-07 | 8.8 | NETWORK | HIGH | NVD |
| CVE-2026-39326 | ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /PropertyTypeEditor.php... | 2026-04-07 | 8.8 | NETWORK | HIGH | NVD |
| CVE-2026-39325 | ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsUser.php in Ch... | 2026-04-07 | 7.2 | NETWORK | HIGH | NVD |
| CVE-2026-39324 | Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failur... | 2026-04-07 | 9.3 | NETWORK | CRITICAL | NVD |
| CVE-2026-39321 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.8.0-alpha.6 and 8.6.74, the login en... | 2026-04-07 | 3.7 | NETWORK | LOW | NVD |
| CVE-2026-39319 | ChurchCRM is an open-source church management system. Prior to 7.1.0, a second order SQL injection vulnerability was found in the endpoint /FundRaiser... | 2026-04-07 | 8.8 | NETWORK | HIGH | NVD |
| CVE-2026-39318 | ChurchCRM is an open-source church management system. Versions prior to 7.1.0 have an SQL injection vulnerability in the endpoints `/GroupPropsFormRow... | 2026-04-07 | 8.8 | NETWORK | HIGH | NVD |
| CVE-2026-35576 | ChurchCRM is an open-source church management system. Prior to 7.0.0, a stored cross-site scripting (XSS) vulnerability exists in ChurchCRM within the... | 2026-04-07 | 8.7 | NETWORK | HIGH | NVD |
| CVE-2026-35575 | ChurchCRM is an open-source church management system. Prior to 6.5.3, a Stored Cross-Site Scripting (Stored XSS) vulnerability in the admin panel’s gr... | 2026-04-07 | 8.0 | NETWORK | HIGH | NVD |
| CVE-2026-35573 | ChurchCRM is an open-source church management system. Prior to 6.5.3, a path traversal vulnerability in ChurchCRM's backup restore functionality allow... | 2026-04-07 | 9.1 | NETWORK | CRITICAL | NVD |
| CVE-2026-35572 | ChurchCRM is an open-source church management system. Prior to 6.5.3, it is possible to trigger server-side HTTP/HTTPS requests to arbitrary hosts (SS... | 2026-04-07 | 6.0 | NETWORK | MEDIUM | NVD |
| CVE-2026-31272 | MRCMS 3.1.2 contains an access control vulnerability. The save() method in src/main/java/org/marker/mushroom/controller/UserController.java lacks prop... | 2026-04-07 | 9.8 | NETWORK | CRITICAL | NVD |