3 matches found
Security Bulletin: There is a vulnerability in dompurify-3.2.6.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-41238)
Summary There is a vulnerability in dompurify-3.2.6.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-41238 DESCRIPTION: DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are...
CVE-2025-53091 WeGIA has Unauthenticated Time-Based Blind SQL Injection in almox Parameter
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Time-Based Blind SQL Injection vulnerability was discovered in version 3.3.3 the almox parameter of the /controle/getProdutosPorAlmox.php endpoint. This issue allows any unauthenticated...
CVE-2025-53091
WeGIA is vulnerable to an unauthenticated Time-Based Blind SQL Injection in the almox parameter of the /controle/getProdutosPorAlmox.php endpoint (WeGIA version 3.3.3). The issue, caused by lack of input validation, allows an attacker to inject arbitrary SQL queries and potentially access or exfi...