CVE Feeds
CVE News Feed
Updates on the latest vulnerabilities detected.
-
CVE-2025-68401 - ChurchCRM has Stored Cross-Site Scripting (XSS) vulnerability that leads to session theft and account takeover
CVE ID :CVE-2025-68401
Published : Dec. 17, 2025, 10:16 p.m. | 16 minutes ago
Description :ChurchCRM is an open-source church management system. Prior to version 6.0.0, the application stores user-supplied HTML/JS without sufficient sanitization/encoding. When other users later view this content, attacker-controlled JavaScript executes in their browser (stored XSS). In affected contexts the script can access web origin data and perform privileged actions as the victim. Where session cookies are not marked HttpOnly, the script can read document.cookie, enabling session theft and account takeover. Version 6.0.0 patches the issue.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-68400 - ChurchCRM vulnerable to time-based blind SQL Injection in ConfirmReportEmail.php
CVE ID :CVE-2025-68400
Published : Dec. 17, 2025, 10:16 p.m. | 16 minutes ago
Description :ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in the legacy endpoint `/Reports/ConfirmReportEmail.php` in ChurchCRM prior to version 6.5.3. Although the feature was removed from the UI, the file remains deployed and reachable directly via URL. This is a classic case of *dead but reachable code*. Any authenticated user - including one with zero assigned permissions - can exploit SQL injection through the `familyId` parameter. Version 6.5.3 fixes the issue.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-68399 - ChurchCRM has Stored Cross-Site Scripting (XSS) In GroupEditor.php
CVE ID :CVE-2025-68399
Published : Dec. 17, 2025, 10:16 p.m. | 16 minutes ago
Description :ChurchCRM is an open-source church management system. In versions prior to 6.5.4, there is a Stored Cross-Site Scripting (XSS) vulnerability within the GroupEditor.php page of the application. When a user attempts to create a group role, they can execute malicious JavaScript. However, for this to work, the user must have permission to view and modify groups in the application. Version 6.5.4 fixes the issue.
Severity: 2.0 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-68275 - ChurchCRM vulnerable to Stored XSS - Group name > Person Listing
CVE ID :CVE-2025-68275
Published : Dec. 17, 2025, 10:16 p.m. | 16 minutes ago
Description :ChurchCRM is an open-source church management system. Versions prior to 6.5.3 have a stored cross-site scripting vulnerability on the pages `View Active People`, `View Inactive people`, and `View All People`. Version 6.5.3 fixes the issue.
Severity: 9.2 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-68129 - Auth0-PHP SDK has Improper Audience Validation
CVE ID :CVE-2025-68129
Published : Dec. 17, 2025, 10:16 p.m. | 16 minutes ago
Description :Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Projects are affected if they use Auth0-PHP SDK versions between v8.0.0 and v8.17.0, or applications using the following SDKs that rely on the Auth0-PHP SDK versions between v8.0.0 and v8.17.0: Auth0/symfony versions between 5.0.0 and 5.5.0, Auth0/laravel-auth0 versions between 7.0.0 and 7.19.0, and/or Auth0/wordpress plugin versions between 5.0.0-BETA0 and 5.4.0. Auth0/Auth0-PHP version 8.18.0 contains a patch for the issue.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-68118 - Potential Heap Out-of-Bounds Read in freerdp_certificate_data_hash_ via Unsafe _snprintf Usage
CVE ID :CVE-2025-68118
Published : Dec. 17, 2025, 10:16 p.m. | 16 minutes ago
Description :FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.0, a vulnerability exists in FreeRDP’s certificate handling code on Windows platforms. The function `freerdp_certificate_data_hash_ uses` the Microsoft-specific `_snprintf` function to format certificate cache filenames without guaranteeing NUL termination when truncation occurs. According to Microsoft documentation, `_snprintf` does not append a terminating NUL byte if the formatted output exceeds the destination buffer size. If an attacker controls the hostname value (for example via server redirection or a crafted .rdp file), the resulting filename buffer may not be NUL-terminated. Subsequent string operations performed on this buffer may read beyond the allocated memory region, resulting in a heap-based out-of-bounds read. In default configurations, the connection is typically terminated before sensitive data can be meaningfully exposed, but unintended memory read or a client crash may still occur under certain conditions. Version 3.20.0 has a patch for the issue.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-68114 - Capstone doesn't check vsnprintf return in SStream_concat, allows stack buffer underflow and overflow
CVE ID :CVE-2025-68114
Published : Dec. 17, 2025, 10:16 p.m. | 16 minutes ago
Description :Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, an unchecked vsnprintf return in SStream_concat lets a malicious cs_opt_mem.vsnprintf drive SStream’s index negative or past the end, leading to a stack buffer underflow/overflow when the next write occurs. Commit 2c7797182a1618be12017d7d41e0b6581d5d529e fixes the issue.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-68112 - ChurchCRM has SQL injection in EditEventAttendees.php
CVE ID :CVE-2025-68112
Published : Dec. 17, 2025, 10:16 p.m. | 16 minutes ago
Description :ChurchCRM is an open-source church management system. In versions prior to 6.5.3, a SQL injection vulnerability in ChurchCRM's Event Attendee Editor allows authenticated users to execute arbitrary SQL commands, leading to complete database compromise, administrative credential theft, and potential system takeover. The vulnerability enables attackers to extract sensitive member data, authentication credentials, and financial information from the church management system. Version 6.5.3 contains a patch for the issue.
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-68111 - ChurchCRM has SQL Injection in eGive Import Feature
CVE ID :CVE-2025-68111
Published : Dec. 17, 2025, 10:16 p.m. | 16 minutes ago
Description :ChurchCRM is an open-source church management system. In versions prior to 6.5.3, a SQL injection vulnerability exists in the `eGive.php` file within the "ReImport" functionality. An authenticated user with finance privileges can execute arbitrary SQL queries by manipulating the `MissingEgive_FamID_...` POST parameter. This can lead to unauthorized data access, modification, or deletion within the database. Version 6.5.3 has a patch for the issue.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-68110 - ChurchCRM discloses database information on error message
CVE ID :CVE-2025-68110
Published : Dec. 17, 2025, 10:16 p.m. | 16 minutes ago
Description :ChurchCRM is an open-source church management system. Versions prior to 6.5.3 may disclose database information in an error message including the host, ip, username, and password. Version 6.5.3 fixes the issue.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-68109 - ChurchCRM vulnerable to RCE with database restore functionality
CVE ID :CVE-2025-68109
Published : Dec. 17, 2025, 10:16 p.m. | 16 minutes ago
Description :ChurchCRM is an open-source church management system. In versions prior to 6.5.3, the Database Restore functionality does not validate the content or file extension of uploaded files. As a result, an attacker can upload a web shell file and subsequently upload a .htaccess file to enable direct access to it. Once accessed, the uploaded web shell allows remote code execution (RCE) on the server. Version 6.5.3 fixes the issue.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-67877 - ChurchCRM SQL Injection Vulnerability
CVE ID :CVE-2025-67877
Published : Dec. 17, 2025, 10:16 p.m. | 16 minutes ago
Description :ChurchCRM is an open-source church management system. Versions prior to 6.5.3 have a SQL injection vulnerability in the `src/CartToFamily.php` file, specifically in how the `PersonAddress` POST parameter is handled. Unlike other parameters in the same file which are correctly cast to integers using the `InputUtils` class, the `PersonAddress` parameter is missing the type definition. This allows an attacker to inject arbitrary SQL commands directly into the query. Version 6.5.3 fixes the issue.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-67876 - ChurchCRM has Stored XSS in Group Role Name Leading to Admin Session Hijacking
CVE ID :CVE-2025-67876
Published : Dec. 17, 2025, 10:16 p.m. | 16 minutes ago
Description :ChurchCRM is an open-source church management system. A stored cross-site scripting (XSS) vulnerability exists in ChurchCRM versions 6.4.0 and prior that allows a low-privilege user with the “Manage Groups” permission to inject persistent JavaScript into group role names. The payload is saved in the database and executed whenever any user (including administrators) views a page that displays that role, such as GroupView.php or PersonView.php. This allows full session hijacking and account takeover. As of time of publication, no known patched versions are available.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-67875 - ChurchCRM has stored XSS via Person Property Assignment Leading to Admin Session Hijacking
CVE ID :CVE-2025-67875
Published : Dec. 17, 2025, 10:16 p.m. | 16 minutes ago
Description :ChurchCRM is an open-source church management system. A privilege escalation vulnerability exists in ChurchCRM prior to version 6.5.3. An authenticated user with specific mid-level permissions ("Edit Records" and "Manage Properties and Classifications") can inject a persistent Cross-Site Scripting (XSS) payload into an administrator's profile. The payload executes when the administrator views their own profile page, allowing the attacker to hijack the administrator's session, perform administrative actions, and achieve a full account takeover. This vulnerability is a combination of two separate flaws: an Insecure Direct Object Reference (IDOR) that allows any user to view any other user's profile, and a Broken Access Control vulnerability that allows a user with general edit permissions to modify any other user's record properties. Version 6.5.3 fixes the issue.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-67873 - Capstone doesn't check Skipdata length, leading to cs_insn.bytes heap buffer overflow
CVE ID :CVE-2025-67873
Published : Dec. 17, 2025, 10:16 p.m. | 16 minutes ago
Description :Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make cs_disasm/cs_disasm_iter memcpy more than 24 bytes into cs_insn.bytes, causing a heap buffer overflow in the disassembly path. Commit cbef767ab33b82166d263895f24084b75b316df3 fixes the issue.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-67794 - An issue was discovered in DriveLock 24.1 through
CVE ID :CVE-2025-67794
Published : Dec. 17, 2025, 10:16 p.m. | 16 minutes ago
Description :An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-67791 - DriveLock Agent Authentication Bypass
CVE ID :CVE-2025-67791
Published : Dec. 17, 2025, 10:15 p.m. | 16 minutes ago
Description :An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 through 25.1.*. An incomplete configuration (agent authentication) in DriveLock tenant allows attackers to impersonate any DriveLock agent on the network against the DES (DriveLock Enterprise Service).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-14832 - itsourcecode Online Cake Ordering System updateproduct.php sql injection
CVE ID :CVE-2025-14832
Published : Dec. 17, 2025, 10:15 p.m. | 16 minutes ago
Description :A vulnerability was identified in itsourcecode Online Cake Ordering System 1.0. The affected element is an unknown function of the file /updateproduct.php?action=edit. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-67793 - DriveLock Privilege Escalation Vulnerability
CVE ID :CVE-2025-67793
Published : Dec. 17, 2025, 9:16 p.m. | 1 hour, 16 minutes ago
Description :An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 before 25.1.6. Users with the "Manage roles and permissions" privilege can promote themselves or other DOC users to the Supervisor role through an API call. This privilege is included by default in the Administrator role. This issue mainly affects cloud multi-tenant deployments; on-prem single-tenant installations are typically not impacted because local admins usually already have Supervisor privileges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more... -
CVE-2025-67792 - DriveLock Arbitrary Command Execution Vulnerability
CVE ID :CVE-2025-67792
Published : Dec. 17, 2025, 9:16 p.m. | 1 hour, 16 minutes ago
Description :An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate a DriveLock process to execute arbitrary commands on Windows computers.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Information
Vortech Consulting is a network security and design consulting firm originally founded in 1997. Over our nearly 30 year history we have provided security services and products for a wide variety of companies around the globe.
Company
Who's Online
We have 459 guests and no members online