Skip to main content
CVE-2025-1135 CRITICAL POC Act Now

A vulnerability exists in ChurchCRM 5.13.0. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Churchcrm
NVD GitHub
CVSS 4.0
9.3
EPSS
0.3%
CVE-2025-1134 CRITICAL POC Act Now

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Churchcrm
NVD GitHub
CVSS 4.0
9.3
EPSS
0.3%
CVE-2025-1133 CRITICAL POC Act Now

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based blind SQL Injection vulnerability in the EditEventAttendees. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Churchcrm
NVD GitHub
CVSS 4.0
9.3
EPSS
0.2%
CVE-2025-1132 CRITICAL POC Act Now

A time-based blind SQL Injection vulnerability exists in the ChurchCRM 5.13.0 and prior EditEventAttendees.php within the EN_tyid parameter. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP SQLi Churchcrm
NVD GitHub
CVSS 4.0
9.3
EPSS
0.1%
CVE-2023-46271 CRITICAL Act Now

Extreme Networks IQ Engine before 10.6r1a, and through 10.6r4 before 10.6r5, has a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2020-35546 CRITICAL Act Now

Lexmark MX6500 LW75.JD.P296 and previous devices have Incorrect Access Control via the access control settings. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
9.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy