CVE-2025-22617
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the editar_socio.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in t...
CVE-2025-22613
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the informacao_adicional.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts...
CVE-2025-22614
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the dependente_editarInfoPessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious...
CVE-2025-22613
The CVE-2025-22613 entry describes a stored XSS in WeGIA’s informacao_adicional.php endpoint, where the descricao parameter accepts unsanitized input and stores the script on the server. The payload is executed in users’ browsers when the affected page is loaded. Affected software is WeGIA before...
CVE-2025-22614 WeGIA Cross-Site Scripting (XSS) Stored endpoint 'dependente_editarInfoPessoal.php' parameters 'nome' 'SobrenomeForm'
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the dependente_editarInfoPessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious...
CVE-2025-22615
WeGIA CVE-2025-22615 describes a reflected XSS in Cadastro_Atendido.php where the cpf parameter is not validated/sanitized, allowing injected scripts to reflect in the response. The issue affects WeGIA and is addressed in version 3.2.6; users should upgrade. The connected sources also corroborate...
CVE-2025-22615 WeGIA Cross-Site Scripting (XSS) Reflected endpoint 'Cadastro_Atendido.php' parameter 'cpf'
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the Cadastro_Atendido.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts...
CVE-2025-22617 WeGIA Cross-Site Scripting (XSS) Reflected endpoint 'editar_socio.php' parameter 'socio'
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the editar_socio.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in t...
CVE-2025-22619 WeGIA Cross-Site Scripting (XSS) Reflected endpoint 'editar_permissoes.php' parameter 'msg_c'
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the editar_permissoes.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts...
CVE-2025-22619
WeGIA (open source web manager) has a Reflected Cross-Site Scripting (XSS) flaw in the editar_permissoes.php endpoint, via the msg_c parameter. The vulnerability arises because user input is not validated or sanitized, allowing benign payloads to be reflected back in the server response and execu...
CVE-2025-22144
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. A user with admincp.core.emails or admincp.users.edit permissions can validate users and an attacker can reset their password. When the account is successfully approved by email the reset code is NULL, but when t...
CVE-2025-22142 Cross-site Scripting in NamelessMC
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In affected versions an admin can add the ability to have users fill out an additional field and users can inject JavaScript code into it that would be activated once a staffer visits the user's profile on staff...
SonicOS Multiple Post-authentication Vulnerabilities
1. CVE-2024-12803 - SonicOS Post-authentication Stack-based buffer overflow vulnerability: A post-authentication stack-based buffer overflow vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution. CVSS Score: 6.0 CVSS Vector:...
PT-2025-4438 · Elementor · Image Hover Effects For Elementor
Name of the Vulnerable Software and Affected Versions: Image Hover Effects for Elementor versions 1.0.2.3 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting (XSS). This means an attacker can inje...
PT-2025-4339
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6 Description: A vulnerability in the Linux kernel has been resolved, which avoids a NULL pointer dereference if no valid extent tree is present. The issue was reported by Syzbot, which triggered a crash with a...
PT-2025-1370 · Weyhan Ng · Post Teaser
Name of the Vulnerable Software and Affected Versions: Post Teaser versions 4.1.5 and earlier Description: The issue is related to a Missing Authorization vulnerability in WeyHan Ng Post Teaser. Recommendations: For Post Teaser versions 4.1.5 and earlier, update to a version later than 4.1.5 to...
PT-2024-36804 · Navidrome +1 · Navidrome +1
Name of the Vulnerable Software and Affected Versions: Navidrome versions prior to 0.54.1 Description: Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file...
CVE-2024-56359
CVE-2024-56359 affects Grist Core: the vulnerability lies in HyperLink cells where clicking a link with a control modifier (e.g., Ctrl+Click) could cause a javascript: URL to run in the current page context, potentially compromising the user’s account. Root cause is mis-sanitized or untrusted Jav...