CVE-2026-42776 WordPress Sunshine Photo Cart plugin <= 3.6.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a through 3.6.7...

CVE-2026-42776

Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a through 3.6.7...

EUVD-2026-31750

Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a through 3.6.7...

CVE-2026-42776 WordPress Sunshine Photo Cart plugin <= 3.6.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a through 3.6.7...

PT-2026-43156

Name of the Vulnerable Software and Affected Versions Sunshine Photo Cart versions prior to 3.6.8 Description A missing authorization issue in the WP Sunshine Sunshine Photo Cart plugin allows for the exploitation of incorrectly configured access control security levels. This is a broken access...

PT-2026-42169

Name of the Vulnerable Software and Affected Versions Evince versions prior to 48.2 Atril versions prior to 1.26.3 Atril versions prior to 1.28.4 Xreader versions prior to 3.6.7 Xreader versions prior to 4.6.4 Description Command injection is possible when processing PDF /GoToR actions due to...

Nsasoft SpotAuditor 缓冲区错误漏洞

Nsasoft SpotAuditor is a advanced password recovery software developed by the NSASoft company in the United States. It is designed to recover passwords that have been lost or forgotten from over 40 popular Windows programs and tools. Version 3.6.7 of SpotAuditor contains a buffer overflow...

PT-2026-30475

SpotAuditor 3.6.7 contains a local buffer overflow vulnerability in the Base64 Password Decoder component that allows attackers to crash the application. Attackers can supply an oversized Base64 string through the decoder interface to trigger a denial of service condition...

CVE-2026-33991

WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file html/socio/sistema/deletartag.php uses extract$REQUEST on line 14 and directly concatenates the $idtag variable into SQL queries on lines 16-17 without prepared statements or sanitization. Version 3.6.7 patches t...

CVE-2026-33991

WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file html/socio/sistema/deletartag.php uses extract$REQUEST on line 14 and directly concatenates the $idtag variable into SQL queries on lines 16-17 without prepared statements or sanitization. Version 3.6.7 patches t...

EUVD-2026-16884

WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file html/socio/sistema/deletartag.php uses extract$REQUEST on line 14 and directly concatenates the $idtag variable into SQL queries on lines 16-17 without prepared statements or sanitization. Version 3.6.7 patches t...

PT-2026-28585

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.6.7 Description WeGIA is a web manager for charitable institutions. Versions prior to 3.6.7 contain a flaw in the html/socio/sistema/deletar tag.php file. This file utilizes the extract$ REQUEST function on line 14, a...

CVE-2026-33133

WeGIA is a web manager for charitable institutions. In versions 3.6.5 and 3.6.6, the loadBackupDB function imports SQL files from uploaded backup archives without any content validation. An attacker can craft a backup archive containing arbitrary SQL statements that create rogue administrator...

CVE-2026-33135

WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the novomemorandoo.php endpoint. An attacker can inject arbitrary JavaScript into the sccs GET parameter, which is directly echoed into the HTML response without...

CVE-2026-33136 WeGIA has Reflected Cross-Site Scripting (XSS) in `listar_memorandos_ativos.php` via `sccd` parameter

WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the listarmemorandosativos.php endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the sccd GET parameter, which is then directly echoed into...

EUVD-2026-13682

WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the listarmemorandosativos.php endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the sccd GET parameter, which is then directly echoed into...

CVE-2026-33136

WeGIA Web Manager (versions ≤ 3.6.6) contains a Reflected XSS in listar_memorandos_ativos.php via the sccd parameter, where $_GET['sccd'] is echoed into the HTML without sanitization. This is triggered when $_GET['msg'] equals 'success' and results in an HTML alert containing the attacker-supplie...

EUVD-2026-13680

WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the novomemorandoo.php endpoint. An attacker can inject arbitrary JavaScript into the sccs GET parameter, which is directly echoed into the HTML response without...

CVE-2026-33135 WeGIA has Reflected Cross-Site Scripting (XSS) in `novo_memorandoo.php` via `sccs` parameter

WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the novomemorandoo.php endpoint. An attacker can inject arbitrary JavaScript into the sccs GET parameter, which is directly echoed into the HTML response without...

CVE-2026-33135

WeGIA is a web manager for charitable institutions. Affected versions: 3.6.6 and earlier. The issue is a Reflected Cross‑Site Scripting (XSS) in the endpoint /html/memorando/novo_memorandoo.php, where the GET parameter sccs is echoed into the HTML response without sanitization when msg equals 'su...