5.3
CVE-2026-39940 - ChurchCRM has an Open Redirect via the βlinkBackβ URL Parameter in DonatedItemEditor.php
ChurchCRM is an open-source church management system. Prior to 7.0.0, it was possible in many places across the ChurchCRM application to create a link that, when visited by an authenticated user, would redirect them to any URL chosen by an attacker if they clicked 'Cancel' button on the page. For tβ¦
5.3
CVE-2026-6191 - itsourcecode Construction Management System equipments.php sql injection
A vulnerability was determined in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /equipments.php. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and β¦
5.3
CVE-2026-6190 - itsourcecode Construction Management System employees.php sql injection
A vulnerability was found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /employees.php. Performing a manipulation of the argument Name results in sql injection. The attack can be initiated remotely. The exploit has been made public and cβ¦
6.9
CVE-2026-6189 - SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection
A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=login. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has β¦
6.8
CVE-2025-31991 - HCL DevOps Velocity is susceptible to brute-force attacks
Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit.Β This vulnerability is fixed in 5.1.7.
7.5
CVE-2026-34188 - OS Command Injection in Event Response Execution
Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Event Response execution. This issue affects Pandora FMS: from 777 through 800
8.7
CVE-2026-34186 - SQL Injection in Custom Fields leads to Database Compromise
Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issue affects Pandora FMS: from 777 through 800
8.7
CVE-2026-30813 - SQL Injection in Module Search leads to Database Compromise
Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issue affects Pandora FMS: from 777 through 800
2.1
CVE-2026-30812 - Stored Cross-Site Scripting in Event Comments via Filter Bypass
Improper Neutralization of Input During Web Page Generation vulnerability allows Stored Cross-Site Scripting via event comments. This issue affects Pandora FMS: from 777 through 800
8.4
CVE-2026-30811 - Missing Authorization in Configuration Ajax Endpoint leads to Information Disclosure
Missing Authorization vulnerability allows Exposure of Sensitive Information via configuration endpoint. This issue affects Pandora FMS: from 777 through 800