packetstorm - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.3	PACKETSTORM:218759	📄 ChurchCRM SQL Injection_PACKETSTORM:218759 ChurchCRM versions prior to 6.5.3 suffer from a remote SQL injection vulnerability in ConfirmReportEmail.php...	N/A	N/A	Apr 13, 2026	PACKETSTORM
HIGH 8.8	PACKETSTORM:218735	📄 FacturaScripts SQL Injection_PACKETSTORM:218735 FacturaScripts versions prior to 2025.81 suffer from a remote SQL injection vulnerability in the API ORDER BY clause...	N/A	N/A	Apr 13, 2026	PACKETSTORM
HIGH 8.7	PACKETSTORM:218738	📄 OpenSTAManager 2.9.8 SQL Injection_PACKETSTORM:218738 OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in the Prima Nota module...	N/A	N/A	Apr 13, 2026	PACKETSTORM
NONE	PACKETSTORM:218786	📄 Cockpit CMS 2.13.5 NoSQL Injection_PACKETSTORM:218786 Cockpit CMS version 2.13.5 is vulnerable to NoSQL operator injection on multiple API endpoints. User-supplied filter objects are forwarded to the M...	N/A	N/A	Apr 13, 2026	PACKETSTORM
HIGH 8.7	PACKETSTORM:218741	📄 OpenSTAManager 2.9.8 SQL Injection_PACKETSTORM:218741 OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in the Scadenzario bulk operations module...	N/A	N/A	Apr 13, 2026	PACKETSTORM
NONE	PACKETSTORM:218775	📄 Dolibarr 22.0.4 Command Injection_PACKETSTORM:218775 Dolibarr versions 22.0.4 and below suffer from a remote code injection vulnerability via via MAINODTASPDF...	N/A	N/A	Apr 13, 2026	PACKETSTORM
MEDIUM 6.8	PACKETSTORM:218770	📄 TypiCMS Cross Site Scripting_PACKETSTORM:218770 TypiCMS versions prior to 16.1.7 suffer from a persistent cross site scripting via SVG file uploads...	N/A	N/A	Apr 13, 2026	PACKETSTORM
HIGH 8.7	PACKETSTORM:218752	📄 OpenSTAManager 2.9.8 SQL Injection_PACKETSTORM:218752 OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in the Scadenzario Print Template...	N/A	N/A	Apr 13, 2026	PACKETSTORM
CRITICAL 9.3	PACKETSTORM:218768	📄 ChurchCRM 6.4.0 Cross Site Scripting_PACKETSTORM:218768 ChurchCRM versions 6.4.0 and below suffer from persistent cross site scripting vulnerability in group role name assignment...	N/A	N/A	Apr 13, 2026	PACKETSTORM
HIGH 7.8	PACKETSTORM:218666	📄 7-Zip Directory Traversal / Code Execution_PACKETSTORM:218666 7-Zip versions prior to 25.00 directory traversal to code execution exploit via malicious zip file...	N/A	N/A	Apr 10, 2026	PACKETSTORM