Skip to main content
CVE-2026-5627 HIGH PATCH This Week

Path traversal in mintplex-labs/anything-llm (versions ≤1.9.1) allows authenticated administrators to read or delete arbitrary JSON files on the server, bypassing directory restrictions in the AgentFlows component. Exploitation requires high privileges (administrator access) but achieves cross-scope impact including leaking sensitive API keys from configuration files or destroying critical package.json files. Fixed in version 1.12.1. No public exploit identified at time of analysis, though technical details are disclosed via Huntr bounty platform.

Path Traversal Information Disclosure Denial Of Service Mintplex Labs Anything Llm
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-39343 HIGH PATCH This Week

SQL injection in ChurchCRM 7.0.x and earlier allows authenticated administrators to execute arbitrary SQL commands via unsanitized EN_tyid parameter in EditEventTypes.php. While requiring high-privilege administrative access (CVSS PR:H), successful exploitation enables complete database compromise including data exfiltration, modification, and potential server-level access through database features. Patched in version 7.1.0. No public exploit identified at time of analysis, EPSS data not available for assessment.

PHP SQLi
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-39325 HIGH PATCH This Week

SQL injection in ChurchCRM 7.0.5 allows authenticated administrators to execute arbitrary SQL commands through the /SettingsUser.php endpoint's type array parameter. Attackers with high-privilege administrative access can extract sensitive database contents, modify church records, or potentially escalate privileges within the system. Fixed in version 7.1.0. No public exploit identified at time of analysis, with EPSS probability data unavailable for this recent CVE.

PHP SQLi
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-39370 HIGH GHSA This Week

Server-Side Request Forgery (SSRF) in WWBN AVideo 26.0 and earlier allows authenticated uploaders to exfiltrate data from internal network resources via objects/aVideoEncoder.json.php. The flaw bypasses existing SSRF protections by permitting attacker-controlled URLs with common media extensions (.mp4, .mp3, .zip, .jpg, .png, .gif, .webm), forcing the server to fetch and store arbitrary remote content. This represents an incomplete fix for CVE-2026-27732. No public exploit identified at time of analysis. CVSS 7.1 with network-accessible attack vector requiring low-privileged authentication.

SSRF PHP
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-35572 HIGH PATCH This Week

Server-Side Request Forgery in ChurchCRM versions prior to 6.5.3 allows authenticated administrators to trigger outbound HTTP/HTTPS requests to arbitrary external hosts by injecting malicious URLs into the Referer header. Attackers with high-privilege access can exploit this to probe internal networks, exfiltrate data, or interact with cloud metadata services. CVSS 7.0 reflects medium-high severity requiring privileged access (PR:H). No public exploit identified at time of analysis, though SSRF exploitation techniques are well-documented. EPSS data not provided, but the requirement for admin credentials significantly reduces real-world attack surface compared to unauthenticated SSRF vulnerabilities.

SSRF Crm
NVD GitHub
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-14859 HIGH This Week

Cryptographic bypass in Semtech LR11xx LoRa transceiver secure boot allows physically proximate attackers to install arbitrary firmware via hash collision. The implementation uses a non-standard, collision-vulnerable hashing algorithm (CWE-327), enabling second preimage attacks that forge signed firmware images. Affects LR1110, LR1120, and LR1121 transceivers widely deployed in IoT/LoRaWAN devices. CVSS 7.0 requires physical access (AV:P), low complexity, no privileges. No public exploit identified at time of analysis; EPSS data unavailable for this recent CVE.

Authentication Bypass Lr1110 Lr1120 Lr1121
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-14821 HIGH PATCH This Week

Local man-in-the-middle and SSH security downgrade in libssh on Windows stems from the library automatically loading configuration files from C:\etc, a directory that any unprivileged local user can create and populate. By planting a malicious config, an attacker can manipulate trusted host data and weaken SSH cryptographic negotiation, compromising the confidentiality, integrity, and availability of SSH sessions established by applications linking libssh. There is no public exploit identified at time of analysis, EPSS is negligible (0.01%), and it is not in CISA KEV.

Microsoft Information Disclosure Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 +4
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy