
67 matches found

RedhatCVE
added 2 days ago, 3 views

CVE-2026-4304

The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and including, 3.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 7.5 | AI score 5.7 | EPSS 0.00097
Exploits: 0 | References: 1

SUSE CVE
added 2026/05/08 2:21 a.m., 6 views

SUSE CVE-2026-42216

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, IDManifest::init reconstructs strings from a prefix-compressed...

CVSS 8.2 | AI score 5.8 | EPSS 0.00059
Exploits: 1 | References: 3

AlpineLinux
added 2026/05/07 4:4 a.m., 5 views

CVE-2026-42217

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, readVariableLengthInteger decodes a variable-length integer fro...

CVSS 9.8 | AI score 5.8 | EPSS 0.00052
Exploits: 1

EUVD
added 2026/05/07 4:4 a.m., 4 views

EUVD-2026-28300

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, readVariableLengthInteger decodes a variable-length integer fro...

CVSS 6.3 | AI score 5.8 | EPSS 0.00052
Exploits: 1 | References: 3

ATTACKERKB
added 2026/05/07 3:58 a.m., 4 views

CVE-2026-41142

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, there is an integer overflow in ImageChannel::resize that leads...

CVSS 8.8 | AI score 5.8 | EPSS 0.00037
Exploits: 1 | References: 4 | Affected Software: 1

Positive Technologies
added 2026/05/07 12:0 a.m., 10 views

PT-2026-38334

Name of the Vulnerable Software and Affected Versions OpenEXR versions 3.0.0 through 3.2.8 OpenEXR versions 3.3.0 through 3.3.10 OpenEXR versions 3.4.0 through 3.4.10 Description The IDManifest::init function reconstructs strings from a prefix-compressed representation. When a previous string...

CVSS 9.1 | AI score 6 | EPSS 0.00059
Exploits: 1 | References: 11

EUVD
added 2026/05/05 3:31 p.m., 6 views

EUVD-2026-27329

The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and including, 3.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 7.5 | AI score 5.9 | EPSS 0.00097
Exploits: 0 | References: 4

CVE
added 2026/05/05 1:27 p.m., 12 views

CVE-2026-4304

The CVE-2026-4304 entry concerns the WeePie Cookie Allow plugin for WordPress. Affected component: the plugin, throughout all versions up to and including 3.4.11. Root cause: insufficient escaping of the user-supplied consent parameter and lack of proper preparation in the SQL query, enabling SQL...

CVSS 7.5 | AI score 5.9 | EPSS 0.00097
Exploits: 0 | References: 3

ATTACKERKB
added 2026/05/05 1:27 p.m., 4 views

CVE-2026-4304

The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and including, 3.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 7.5 | AI score 5.9 | EPSS 0.00097
Exploits: 0 | References: 4

Positive Technologies
added 2026/05/05 12:0 a.m., 6 views

PT-2026-37045

The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and including, 3.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 7.5 | AI score 5.9 | EPSS 0.00097
Exploits: 0 | References: 4

Tenable Nessus
added 2026/05/02 12:0 a.m., 2 views

FreeBSD : openexr -- multiple vulnerabilities (787cde46-4424-11f1-943f-05b19d100dca)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 787cde46-4424-11f1-943f-05b19d100dca advisory. Cary Phillips reports: OpenEXR v3.4.11 is a patch release that addresses the following securit...

CVSS 9.8 | AI score 5.8 | EPSS 0.00059
Exploits: 3 | References: 5

RedhatCVE
added 2026/01/09 8:59 a.m., 2 views

CVE-2023-50330

A stack-based buffer overflow vulnerability exists in the boa getInfo functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability...

CVSS 7.2 | AI score 8.3 | EPSS 0.0731
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-7819

Malware in sbrugna...

CVSS 6.1 | AI score 6.1 | EPSS 0.01826
Exploits: 1 | References: 7

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-27183

Malicious code in bioql PyPI...

CVSS 9.9 | AI score 6.5 | EPSS 0.00663
Exploits: 1 | References: 1

RedhatCVE
added 2025/09/10 11:17 p.m., 2 views

CVE-2025-58745

WeGIA is a Web manager for charitable institutions. The fix for CVE-2025-22133 was not enough to remediate the arbitrary file upload vulnerability. WeGIA only checks MIME types for Excel files at endpoint /html/socio/sistema/controller/controlaxlsx.php, which can be bypassed by using magic byt...

CVSS 9.9 | AI score 7.9 | EPSS 0.00663
Exploits: 2 | References: 1

NVD
added 2025/09/08 11:15 p.m., 3 views

CVE-2025-58745

WeGIA is a Web manager for charitable institutions. The fix for CVE-2025-22133 was not enough to remediate the arbitrary file upload vulnerability. WeGIA only checks MIME types for Excel files at endpoint /html/socio/sistema/controller/controlaxlsx.php, which can be bypassed by using magic byt...

CVSS 9.9 | EPSS 0.00663
Exploits: 1 | References: 1

NVD
added 2025/09/08 11:15 p.m., 3 views

CVE-2025-58452

WeGIA is a Web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the listar_despachos.php endpoint of the WeGIA application prior to version 3.4.11. This vulnerability allows attackers to inject malicious scripts in the id_memorando parameter...

CVSS 6.1 | EPSS 0.00059
Exploits: 1 | References: 1

Vulnrichment
added 2025/09/08 10:40 p.m., 1 views

CVE-2025-58745 WeGIA has a bypass for the fix for CVE-2025-22133 - Arbitrary File Upload leads to Remote Code Execution (RCE)

WeGIA is a Web manager for charitable institutions. The fix for CVE-2025-22133 was not enough to remediate the arbitrary file upload vulnerability. WeGIA only checks MIME types for Excel files at endpoint /html/socio/sistema/controller/controlaxlsx.php, which can be bypassed by using magic byt...

CVSS 9.9 | AI score 7.7 | EPSS 0.00663
Exploits: 1 | References: 1

Vulnrichment
added 2025/09/08 10:35 p.m., 4 views

CVE-2025-58454 WeGIA vulnerable to Blind Time-Based SQL Injection in endpoint 'listar_despachos.php' parameter 'id_memorando'

WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in WeGIA versions 3.4.10 and prior in the endpoint /WeGIA/html/memorando/listar_despachos.php, in the id_memorando parameter. This vulnerability allows an authorized attacker to execute arbitrary SQL...

CVSS 9.3 | AI score 7.6 | EPSS 0.00086
Exploits: 1 | References: 1

Vulnrichment
added 2025/09/08 10:26 p.m., 2 views

CVE-2025-58452 WeGIA vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint 'listar_despachos.php' parameter 'id_memorando'

WeGIA is a Web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the listar_despachos.php endpoint of the WeGIA application prior to version 3.4.11. This vulnerability allows attackers to inject malicious scripts in the id_memorando parameter...

CVSS 5.3 | AI score 5.3 | EPSS 0.00059
Exploits: 1 | References: 1