Lucene search
K

10 matches found

Cvelist
Cvelist
added 2026/05/11 6:34 p.m.32 views

CVE-2026-42873 WeGIA: Error Handling Upload DocDependente

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, when attempting to upload a file with malicious content to funcionario/docdependenteupload.php, the application responds with an overly descriptive error message. This leads to information disclosure, effectively...

0.00194EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/11 6:34 p.m.10 views

CVE-2026-42873 WeGIA: Error Handling Upload DocDependente

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, when attempting to upload a file with malicious content to funcionario/docdependenteupload.php, the application responds with an overly descriptive error message. This leads to information disclosure, effectively...

5.8AI score0.00194EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.12 views

PT-2026-33502

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript via the "Nome" field in the "Informações Pacientes" page. The payload is stored and executed when the patien...

6.8CVSS5.8AI score0.00204EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.11 views

WeGIA 安全漏洞

WeGIA is a network manager for a welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.10 contained security vulnerabilities. These vulnerabilities were due to a vulnerability that made the system susceptible to storage-type cross-site scripting attacks. This allowed...

6.4CVSS5.7AI score0.00258EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/12 2:48 p.m.52 views

Traefik: HTTP/2 frames can cause a running server to panic

Summary More Details: - https://nvd.nist.gov/vuln/detail/CVE-2026-27141 - https://pkg.go.dev/golang.org/x/net/http2?tab=versions Patches - https://github.com/traefik/traefik/releases/tag/v3.6.10 - https://github.com/traefik/traefik/releases/tag/v2.11.40 For more information If you have any...

7.5CVSS5.8AI score0.00501EPSS
Exploits0References4Affected Software2
SUSE CVE
SUSE CVE
added 2026/03/12 8:52 a.m.4 views

SUSE CVE-2026-29777

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can...

6.5CVSS5.8AI score0.00277EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/11/08 7:9 p.m.6 views

WordPress BuddyPress Groups Extras plugin <= 3.6.10 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Marek Mikita in WordPress Plugin BuddyPress Groups Extras versions = 3.6.10...

5.4CVSS7AI score0.00151EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2023/01/24 12:0 a.m.11 views

PT-2023-16249 · Wireshark +3 · Wireshark +3

Name of the Vulnerable Software and Affected Versions: Wireshark versions 3.6.0 through 3.6.10 Wireshark versions 4.0.0 through 4.0.2 Description: The issue is related to excessive loops in multiple dissectors, which allows for denial of service via packet injection or crafted capture file...

9.8CVSS7.3AI score0.0462EPSS
Exploits35References173
Positive Technologies
Positive Technologies
added 2020/11/23 12:0 a.m.3 views

PT-2020-8676 · Mongodb · Mongodb Server +1

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 4.0.5 MongoDB Server versions prior to 3.6.10 Description: A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch...

6.5CVSS6.9AI score0.01233EPSS
Exploits0References11
OSV
OSV
added 2020/01/30 7:15 p.m.5 views

ALPINE-CVE-2020-8492

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service ReDoS attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking...

6.5CVSS6.9AI score0.06617EPSS
Exploits1References1
Rows per page
Query Builder