1. ChurchCRM Vulnerability CVE-2026-44548 Allows Unintended Delete Actions via Cross-Site Navigation Prior to 7.3.2
A high-severity cross-site navigation vulnerability has been identified in ChurchCRM, an open-source church management system, affecting versions prior to 7.3.2. Tracked as CVE-2026-44548 with a CVSS score of 8.1, the flaw enables an attacker-controlled page to trigger delete operations on a victim's logged-in session ...