7.2
CVE-2026-39325 - ChurchCRM has a Blind SQL injection in SettingsUser.php
ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsUser.php in ChurchCRM 7.0.5. Authenticated administrative users can inject arbitrary SQL statements through the type array parameter via the index and thus extractβ¦
0.0
CVE-2026-39323 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39326. Reason: This candidate is a duplicate of CVE-2026-39326. Notes: All CVE users should reference CVE-2026-39326 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidentβ¦
8.8
CVE-2026-39318 - ChurchCRM has a DDL SQL Injection in GroupPropsFormRowOps.php
ChurchCRM is an open-source church management system. Versions prior to 7.1.0 have an SQL injection vulnerability in the endpoints `/GroupPropsFormRowOps.php`, `/PersonCustomFieldsRowOps.php`, and `/FamilyCustomFieldsRowOps.php`. A user has to be authenticated. For `ManageGroups` privileges have toβ¦
6.1
CVE-2026-39335 - ChurchCRM has Stored XSS via Unescaped data-* Attributes in Group/Family Controls
ChurchCRM is an open-source church management system. Prior to 7.1.1, there is Stored XSS in group remove control and family editor state/country. This is primarily an admin-to-admin stored XSS path when writable entity fields are abused. This vulnerability is fixed in 7.1.1.
0.0
CVE-2026-39317 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39334. Reason: This candidate is a duplicate of CVE-2026-39334. Notes: All CVE users should reference CVE-2026-39334 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidentβ¦
7.5
CVE-2026-24175 - Server Crash via Malformed Request Header Leading to Denial of Service
NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request header to the server. A successful exploit of this vulnerability might lead to denial of service.
7.5
CVE-2026-24174 - Denial of Service via Malformed Request to NVIDIA Triton Inference Server
NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request to the server. A successful exploit of this vulnerability might lead to denial of service.
7.5
CVE-2026-24173 - Malformed Request Causes Server Crash in NVIDIA Triton Inference Server
NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request to the server. A successful exploit of this vulnerability might lead to denial of service.
4.8
CVE-2026-24147 - Model Configuration Upload Leading to Information Disclosure in NVIDIA Triton Inference Server
NVIDIA Triton Inference Server contains a vulnerability in triton server where an attacker may cause an information disclosure by uploading a model configuration. A successful exploit of this vulnerability may lead to information disclosure or denial of service.
7.5
CVE-2026-24146 - Denial of Service in NVIDIA Triton Inference Server Due to Insufficient Input Validation
NVIDIA Triton Inference Server contains a vulnerability where insufficient input validation and a large number of outputs could cause a server crash. A successful exploit of this vulnerability might lead to denial of service.