739 matches found
CVE-2025-53934
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting XSS vulnerability was identified in the control.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject...
CVE-2025-53937 WeGIA has SQL Injection (Blind Time-Based) Vulnerability in `cargo` Parameter on `control.php` Endpoint
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the /controle/control.php endpoint, specifically in the cargo parameter, of WeGIA prior to version 3.4.5. This vulnerability allows attackers to...
BIT-PARSE-2025-53364 Parse Server exposes the data schema via GraphQL API
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While sche...
CVE-2025-53895 ZITADEL has broken authN and authZ in session API and resulting session tokens
ZITADEL is an open source identity management system. Starting in version 2.53.0 and prior to versions 4.0.0-rc.2, 3.3.2, 2.71.13, and 2.70.14, a vulnerability in ZITADEL's session management API allows any authenticated user to update a session if they know its ID, due to a missing permission chec...
CVE-2025-53823 WeGIA vulnerable to SQL Injection (Blind Time-Based) in `processa_deletar_socio.php` parameter `id_socio`
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Versions prior to 3.4.5 have a SQL Injection vulnerability in the endpoint /WeGIA/html/socio/sistema/processa_deletar_socio.php, in the id_socio parameter. This vulnerability allows the execution...
CVE-2025-53820 WeGIA vulnerable to Cross-Site Scripting (XSS) Reflected via endpoint 'index.php' parameter 'erro'
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the index.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject...
CVE-2025-53639 Metersphere has SQL Injection Vulnerability in Sorting Field
MeterSphere is an open source continuous testing platform. Prior to version 3.6.5-lts, the sortField parameter in certain API endpoints is not properly validated or sanitized. An attacker can supply crafted input to inject and execute arbitrary SQL statements through the sorting functionality. Th...
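The WeGIA entries above (the `cargo` and `id_socio` parameters) and the MeterSphere `sortField` entry are two different shapes of the same bug class, and they need two different fixes: a value can be bound as a query parameter, but an identifier used in ORDER BY cannot, so it has to be allow-listed. The following is an added example, not code from WeGIA or MeterSphere; the table, column names and sample rows are constructed for the demonstration. It runs against an in-memory SQLite database and also shows how an attacker-controlled sort expression works as a boolean oracle, the same one-bit-per-request idea behind blind injection.

```python
# Added example (not code from WeGIA or MeterSphere): value injection versus
# identifier injection, shown against an in-memory SQLite table.
# Table name, column names and rows are constructed for the demo (assumptions).
import sqlite3

ALLOWED_SORT_FIELDS = {"id_socio", "name", "cargo"}  # allow-list of real column names


def setup_db() -> sqlite3.Connection:
    """Constructed sample data: two rows whose id order differs from their name order."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE socio (id_socio INTEGER PRIMARY KEY, name TEXT, cargo TEXT);
        INSERT INTO socio VALUES (1, 'zed', 'tesoureiro');
        INSERT INTO socio VALUES (2, 'amy', 'secretario');
        """
    )
    return conn


def find_by_cargo_vulnerable(conn: sqlite3.Connection, cargo: str) -> list[int]:
    """Value spliced into the SQL text: a quote in the input ends the string literal."""
    sql = "SELECT id_socio FROM socio WHERE cargo = '" + cargo + "'"
    return [row[0] for row in conn.execute(sql)]


def find_by_cargo_safe(conn: sqlite3.Connection, cargo: str) -> list[int]:
    """Bound parameter: the value travels separately and can never become SQL grammar."""
    sql = "SELECT id_socio FROM socio WHERE cargo = ?"
    return [row[0] for row in conn.execute(sql, (cargo,))]


def list_sorted_vulnerable(conn: sqlite3.Connection, sort_field: str) -> list[int]:
    """Identifier spliced into ORDER BY. Identifiers cannot be bound with '?',
    which is why the sort-field variant keeps recurring in web frameworks."""
    sql = "SELECT id_socio FROM socio ORDER BY " + sort_field
    return [row[0] for row in conn.execute(sql)]


def list_sorted_safe(conn: sqlite3.Connection, sort_field: str, descending: bool = False) -> list[int]:
    """Allow-list the identifier first; only then is it safe to splice it in."""
    if sort_field not in ALLOWED_SORT_FIELDS:
        raise ValueError(f"unknown sort field: {sort_field!r}")
    direction = "DESC" if descending else "ASC"
    sql = f"SELECT id_socio FROM socio ORDER BY {sort_field} {direction}"
    return [row[0] for row in conn.execute(sql)]


def oracle_payload(condition_sql: str) -> str:
    """Boolean oracle through the sort order: sort by name when the guessed
    condition is true, by id when false. The row order leaks one bit per
    request with no error message and no extra column, like blind injection."""
    return f"(CASE WHEN ({condition_sql}) THEN name ELSE id_socio END)"


def demo() -> dict:
    conn = setup_db()
    tautology = "' OR '1'='1"
    true_guess = oracle_payload("SELECT substr(cargo,1,1)='t' FROM socio WHERE id_socio=1")
    false_guess = oracle_payload("SELECT substr(cargo,1,1)='x' FROM socio WHERE id_socio=1")
    result = {
        "vuln_tautology": find_by_cargo_vulnerable(conn, tautology),  # every row comes back
        "safe_tautology": find_by_cargo_safe(conn, tautology),        # no row has that cargo
        "vuln_sort_true": list_sorted_vulnerable(conn, true_guess),   # ordered by name
        "vuln_sort_false": list_sorted_vulnerable(conn, false_guess), # ordered by id
        "safe_sort": list_sorted_safe(conn, "name"),
    }
    try:
        list_sorted_safe(conn, true_guess)
        result["safe_sort_rejects_payload"] = False
    except ValueError:
        result["safe_sort_rejects_payload"] = True
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point to take from `oracle_payload` is that the sort-field bug is exploitable even when the endpoint returns nothing but a list in some order; MySQL-style `SLEEP()` or PostgreSQL `pg_sleep()` turn the same idea into the time-based variant the WeGIA entries describe.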
PT-2025-29861 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.5 Description: WeGIA is an open-source web manager designed for Portuguese-speaking users and charitable organizations. A Reflected Cross-Site Scripting XSS vulnerability exists in the cadastro_adotante.php endpoin...
CVE-2025-53637 Meshtastic allows Command Injection in GitHub Action
Meshtastic is an open source mesh networking solution. The main_matrix.yml GitHub Action is triggered by the pull_request_target event, which has extensive permissions, and can be initiated by an attacker who forked the repository and created a pull request. In the shell code execution part,...
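The mechanism in the Meshtastic entry is worth seeing concretely: the runner substitutes `${{ ... }}` expressions into the `run:` script as plain text before the shell ever parses it, so attacker-controlled pull request fields become part of the script, and with `pull_request_target` that script runs with the base repository's token and secrets. The following is an added example, not Meshtastic's workflow; the step bodies, the PR title and the template expansion are constructed here to reproduce the effect with /bin/sh, and the marker file stands in for whatever command an attacker would actually run.

```python
# Added example (not Meshtastic's workflow): why interpolating a PR field
# into a `run:` step is command injection, and why `env:` is not.
# Step text, expansion rule and PR title are constructed (assumptions).
import os
import re
import subprocess
import tempfile

# Constructed attacker PR title: closes the double quote, runs a command, reopens it.
EVIL_TITLE = '"; touch "$MARKER"; echo "'

# Step bodies as they would appear under `run:` in the workflow YAML.
VULNERABLE_STEP = 'echo "PR title: ${{ github.event.pull_request.title }}"'
# Hardened form: the workflow sets `env: PR_TITLE: ${{ github.event.pull_request.title }}`
# and the script only ever sees a shell variable, never the raw text.
SAFE_STEP = 'echo "PR title: $PR_TITLE"'

EXPR = re.compile(r"\$\{\{\s*([\w.]+)\s*\}\}")


def expand_expressions(step: str, context: dict) -> str:
    """Mimic the runner: ${{ expr }} is replaced textually BEFORE the shell parses the script."""
    return EXPR.sub(lambda m: context[m.group(1)], step)


def run_step(script: str, extra_env: dict) -> subprocess.CompletedProcess:
    """Run the step the way the runner would: hand the whole script to the shell."""
    return subprocess.run(
        ["/bin/sh", "-c", script],
        env={**os.environ, **extra_env},
        capture_output=True,
        text=True,
    )


def simulate(step: str, title: str, pass_via_env: bool) -> dict:
    """Returns whether the attacker's command ran, plus the script and output."""
    with tempfile.TemporaryDirectory() as tmp:
        marker = os.path.join(tmp, "pwned")  # created only if the injected command executes
        context = {"github.event.pull_request.title": title}
        if pass_via_env:
            script = step                      # no expression inside the script itself
            env = {"PR_TITLE": title, "MARKER": marker}
        else:
            script = expand_expressions(step, context)
            env = {"MARKER": marker}
        proc = run_step(script, env)
        return {
            "script": script,
            "stdout": proc.stdout,
            "injected": os.path.exists(marker),
        }


def demo_vulnerable() -> dict:
    return simulate(VULNERABLE_STEP, EVIL_TITLE, pass_via_env=False)


def demo_safe() -> dict:
    return simulate(SAFE_STEP, EVIL_TITLE, pass_via_env=True)


if __name__ == "__main__":
    for name, result in (("vulnerable", demo_vulnerable()), ("hardened", demo_safe())):
        print(f"[{name}] script sent to sh: {result['script']}")
        print(f"[{name}] stdout: {result['stdout']!r}")
        print(f"[{name}] attacker command executed: {result['injected']}")
```

Compare the two `script` strings: the vulnerable one contains the attacker's `touch` as shell syntax, the hardened one is byte-for-byte the author's script and prints the hostile title as data. Moving the expression into `env:` is the fix for the injection; whether `pull_request_target` should be used at all for fork PRs is a separate question the entry also raises, since the event grants write permissions and secrets to a workflow that the fork author can trigger.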
Security Bulletin: IBM Analytics Content Hub is affected by security vulnerabilities
Summary There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Analytics Content Hub. Additionally, IBM Analytics Content Hub is vulnerable to Unrestricted File Upload, Information Disclosure, Java Source Map and Verbose Messaging vulnerabilities. This Security...
MAL-2025-5657 Malicious code in rambler-id (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0d88b84167baafecc35066da4403daf40828ae3e5e178b06cb0d27c85670839c The OpenSSF Package Analysis project identified 'rambler-id' @ 91.9.9...
[SECURITY] Fedora 42 Update: mbedtls-3.6.4-1.fc42
Mbed TLS is a light-weight open source cryptographic and SSL/TLS library written in C. Mbed TLS makes it easy for developers to include cryptographic and SSL/TLS capabilities in their embedded applications with as little hassle as possible...
PT-2025-27633 · Unknown · Linkwarden
Name of the Vulnerable Software and Affected Versions: Linkwarden version 2.10.2 Description: The issue concerns a File Path Disclosure Vulnerability in Linkwarden, a self-hosted, open-source collaborative bookmark manager. In the affected version, the server accepts links of the format...
CVE-2025-53004 Dataease Redshift Data Source JDBC Connection Parameters Bypass Vulnerability
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...
SourceCodester Best Salon Management System Injection Vulnerability
SourceCodester Best Salon Management System is an open source salon management system from SourceCodester. SourceCodester Best Salon Management System version 1.0 has an injection vulnerability; the vulnerability stems from improper handling of the parameter editid in the file /panel/edit-tax.php...
[SECURITY] Fedora 41 Update: moodle-4.4.9-1.fc41
Moodle is a course management system CMS - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities...
SourceCodester Best Salon Management System Injection Vulnerability
SourceCodester Best Salon Management System is an open source salon management system from SourceCodester. SourceCodester Best Salon Management System version 1.0 has an injection vulnerability; the vulnerability stems from improper handling of the parameter userid/planid in the file...
Security Bulletin: IBM Cognos Analytics is affected by security vulnerabilities
Summary There are vulnerabilities in IBM® Java™ Version 8 used by IBM Cognos Analytics. There are vulnerabilities in multiple Open Source Software OSS components consumed by IBM Cognos Analytics. Additionally, IBM Cognos Analytics is vulnerable to a Stored Cross-Site Scripting XSS vulnerability...
Security Bulletin: Multiple vulnerabilities in IBM Planning Analytics
Summary There are vulnerabilities in Open Source Software OSS components consumed by IBM Planning Analytics. This Security Bulletin relates only to the direct usage of third-party components by IBM Planning Analytics Workspace and not any nested dependencies within the product. Vulnerability...
CVE-2025-47943 Gogs stored XSS in PDF renderer
Gogs is an open source self-hosted Git service. In application version 0.14.0+dev and prior, there is a stored cross-site scripting XSS vulnerability present in Gogs, which allows client-side Javascript code execution. The vulnerability is caused by the usage of a vulnerable and outdated componen...