60 matches found

RedhatCVE
added 2 days ago | 6 views

CVE-2026-38719

OpENer v2.3-558-g1e99582 contains an out-of-bounds read vulnerability in the Common Packet Format CPF parser, specifically in CreateCommonPacketFormatStructure in source/src/enetencap/cpf.c. A crafted ENIP/CPF message can supply an attacker-controlled itemcount value that is not consistently...

CVSS 6.2 | AI score 5.5 | EPSS 0.00017
Exploits: 0 | References: 1
SUSE CVE
added 2026/05/26 1:52 a.m. | 13 views

SUSE CVE-2026-42268

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception std::out_of_range caused by unsigned integer underflow in libmodsecurity3 if the user administrator uses a rule any of @verifySSN...

CVSS 7.5 | AI score 5.6 | EPSS 0.00052
Exploits: 1 | References: 3
RedhatCVE
added 2026/05/25 7:38 a.m. | 12 views

CVE-2026-42268

A flaw was found in ModSecurity, an open-source web application firewall WAF. This vulnerability occurs when an administrator configures a rule that uses @verifySSN, @verifyCPF, or @verifySVNR functions. An unhandled exception, specifically an unsigned integer underflow, can lead to a denial of...

CVSS 8.2 | AI score 5.7 | EPSS 0.00052
Exploits: 1 | References: 4
Positive Technologies
added 2026/05/18 12:0 a.m. | 6 views

PT-2026-41681

OpENer v2.3-558-g1e99582 contains an out-of-bounds read vulnerability in the Common Packet Format CPF parser, specifically in CreateCommonPacketFormatStructure in source/src/enet encap/cpf.c. A crafted ENIP/CPF message can supply an attacker-controlled item count value that is not consistently...

AI score 5.8 | EPSS 0.00017
Exploits: 0 | References: 3
CVE
added 2026/05/12 9:40 p.m. | 12 views

CVE-2026-42268

ModSecurity (libmodsecurity3) versions 3.0.0–3.0.14 expose an unhandled std::out_of_range exception caused by an unsigned integer underflow when using the operators @verifySSN, @verifyCPF, or @verifySVNR. The vulnerability affects the WAF engine for Apache, IIS, and Nginx and is fixed in 3.0.15. ...

CVSS 8.2 | AI score 5.6 | EPSS 0.00052
Exploits: 1 | References: 1 | Affected Software: 1
Positive Technologies
added 2026/05/01 12:0 a.m. | 3 views

PT-2026-36537

Name of the Vulnerable Software and Affected Versions: libModSecurity3 versions prior to 3.0.15. Description: A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a single character. This allows an attacker to crash worker processe...

CVSS 8.2 | AI score 5.8 | EPSS 0.00057
Exploits: 0 | References: 11
GithubExploit
added 2026/04/20 5:26 p.m. | 70 views

Test-Extensions

Burp Suite Security Extensions — Burp Challenge Objective...

AI score 5.8
Exploits: 0
EUVD
added 2026/04/17 8:25 p.m. | 2 views

EUVD-2026-23529

WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection vulnerability in dao/memorando/UsuarioDAO.php. The cpfusuario POST parameter overwrites the session-stored user identity via extract$REQUEST in DespachoControle::verificarDespacho, and the...

CVSS 8.8 | AI score 5.9 | EPSS 0.00045
Exploits: 0 | References: 1
RedhatCVE
added 2025/10/14 9:49 p.m. | 6 views

CVE-2025-62179

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/cadastro_funcionario_pessoa_existente.php endpoint, specifically in the cpf parameter. This vulnerability allows...

CVSS 8.8 | AI score 8.2 | EPSS 0.00044
Exploits: 1 | References: 1
NVD
added 2025/10/13 10:15 p.m. | 6 views

CVE-2025-62179

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/cadastro_funcionario_pessoa_existente.php endpoint, specifically in the cpf parameter. This vulnerability allows...

CVSS 8.8 | EPSS 0.00044
Exploits: 1 | References: 2
CVE
added 2025/10/13 9:13 p.m. | 5 views

CVE-2025-62179

The CVE concerns WeGIA, an open source Web Manager for Institutions. A SQL injection vulnerability exists in the endpoint /html/funcionario/cadastro_funcionario_pessoa_existente.php, specifically in the cpf parameter, up to version 3.5.0. This flaw allows an attacker to execute arbitrary SQL comm...

CVSS 8.8 | AI score 7.8 | EPSS 0.00044
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2025/10/13 9:13 p.m. | 3 views

CVE-2025-62179 WeGIA SQL Injection via 'cpf' param at endpoint `/html/funcionario/cadastro_funcionario_pessoa_existente.php`

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/cadastro_funcionario_pessoa_existente.php endpoint, specifically in the cpf parameter. This vulnerability allows...

CVSS 8.6 | AI score 8.3 | EPSS 0.00044
Exploits: 1 | References: 4
EUVD
added 2025/10/13 9:13 p.m. | 4 views

EUVD-2025-34097

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/cadastro_funcionario_pessoa_existente.php endpoint, specifically in the cpf parameter. This vulnerability allows...

CVSS 8.6 | AI score 7.7 | EPSS 0.00044
Exploits: 1 | References: 2
Vulnrichment
added 2025/10/13 9:13 p.m. | 4 views

CVE-2025-62179 WeGIA SQL Injection via 'cpf' param at endpoint `/html/funcionario/cadastro_funcionario_pessoa_existente.php`

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/cadastro_funcionario_pessoa_existente.php endpoint, specifically in the cpf parameter. This vulnerability allows...

CVSS 8.6 | AI score 7.8 | EPSS 0.00044
Exploits: 1 | References: 2
Cvelist
added 2025/10/13 9:13 p.m. | 10 views

CVE-2025-62179 WeGIA SQL Injection via 'cpf' param at endpoint `/html/funcionario/cadastro_funcionario_pessoa_existente.php`

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/cadastro_funcionario_pessoa_existente.php endpoint, specifically in the cpf parameter. This vulnerability allows...

CVSS 8.6 | EPSS 0.00044
Exploits: 1 | References: 2
Positive Technologies
added 2025/10/13 12:0 a.m. | 3 views

PT-2025-41817

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.5.1. Description: WeGIA is a Web Manager for Institutions. A SQL Injection issue exists in the /html/funcionario/cadastro_funcionario_pessoa_existente.php API endpoint, specifically affecting the cpf parameter. Successf...

CVSS 8.6 | AI score 8 | EPSS 0.00044
Exploits: 1 | References: 7
CNNVD
added 2025/10/13 12:0 a.m. | 2 views

WeGIA SQL Injection Vulnerability

WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A SQL injection vulnerability exists in WeGIA versions prior to 3.5.1, which stems from an SQL injection in the cpf parameter in the /html/funcionario/cadastro_funcionario_pessoa_existente.php endpoint, whic...

CVSS 8.8 | AI score 7.9 | EPSS 0.00044
Exploits: 1 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-30563

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.5 | EPSS 0.00482
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-3081

Malicious code in bioql PyPI...

CVSS 6.4 | AI score 4.5 | EPSS 0.00471
Exploits: 1 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-31083

Malicious code in bioql PyPI...

CVSS 6.9 | AI score 5.6 | EPSS 0.00043
Exploits: 0 | References: 6