CVE-2026-1000

The MailerLite - WooCommerce integration plugin for WordPress is vulnerable to unauthorized data modification and deletion in all versions up to, and including, 3.1.3. This is due to missing capability checks on the resetIntegration function. This makes it possible for authenticated attackers, wi...

CVE-2026-1023

Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly exploit a specific functionality to query database contents...

CVE-2026-1022

Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files...

EUVD-2026-3152

The Payment Button for PayPal plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 1.2.3.41. This is due to the plugin exposing a public AJAX endpoint wppaypalcheckoutajaxprocessorder that processes checkout results without any authentication or...

CVE-2025-14463

The Payment Button for PayPal plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 1.2.3.41. This is due to the plugin exposing a public AJAX endpoint wppaypalcheckoutajaxprocessorder that processes checkout results without any authentication or...

CVE-2026-1018

Police Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing Unauthenticated remote attacker to exploit Absolute Path Traversal to download arbitrary system files...

CVE-2026-1019

Police Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality...

CVE-2026-1020

Police Statistics Database System developed by Gotac has a Absolute Path Traversal vulnerability, allowing unauthenticated remote attackers to enumerate the system file directory...

PT-2026-3367

Name of the Vulnerable Software and Affected Versions FeMiner wms versions prior to 9cad1f1b179a98b9547fd003c23b07c7594775fa Description A security issue exists in FeMiner wms. The manipulation of the Username argument in the file /src/chkuser.php can lead to SQL injection. This attack can be...

SQL Injection

Overview @veramo/core-types is a Veramo Core Logic & Interfaces. Affected versions of this package are vulnerable to SQL Injection via insufficient validation of the column parameter in the order array processed by the decorateQB function. An attacker can execute arbitrary SQL queries and access...

CVE-2026-23723

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an authenticated SQL Injection vulnerability was identified in the AtendidoocorrenciaControle endpoint via the idmemorando parameter. This flaw allows for full database exfiltration, exposure of sensitive PII, and potential...

CVE-2026-23723

CVE-2026-23723 affects WeGIA, a web manager for charitable institutions. Before version 3.6.2, an authenticated SQL Injection was identified in the Atendido_ocorrenciaControle endpoint via the id_memorando parameter. The flaw enables full database exfiltration, exposure of sensitive PII, and pote...

CVE-2026-23723

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an authenticated SQL Injection vulnerability was identified in the AtendidoocorrenciaControle endpoint via the idmemorando parameter. This flaw allows for full database exfiltration, exposure of sensitive PII, and potential...

EUVD-2026-3114

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an authenticated SQL Injection vulnerability was identified in the AtendidoocorrenciaControle endpoint via the idmemorando parameter. This flaw allows for full database exfiltration, exposure of sensitive PII, and potential...

CVE-2026-23723 WeGIA has a Critical SQL Injection in Atendido_ocorrenciaControle via id_memorando parameter

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an authenticated SQL Injection vulnerability was identified in the AtendidoocorrenciaControle endpoint via the idmemorando parameter. This flaw allows for full database exfiltration, exposure of sensitive PII, and potential...

EUVD-2026-2921

ActiveRecord-JDBC-Adapter AR-JDBC lib/arjdbc/jdbc/adapter.rb sql.gsub Function SQL Injection...

GHSA-5QW5-WF2Q-F538 ActiveRecord-JDBC-Adapter (AR-JDBC) lib/arjdbc/jdbc/adapter.rb sql.gsub() Function SQL Injection

ActiveRecord-JDBC-Adapter AR-JDBC contains a flaw that may allow carrying out an SQL injection attack. The issue is due to the sql.gsub function in lib/arjdbc/jdbc/adapter.rb not properly sanitizing user-supplied input before using it in SQL queries. This may allow a remote attacker to inject or...

CVE-2026-22646

Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information like file paths, database errors, or software versions that can be used to map the application's internal structu...

EUVD-2026-2948

Incorrect Implementation of Authentication Algorithm vulnerability in ABB ABB Ability OPTIMAX.This issue affects ABB Ability OPTIMAX: 6.1, 6.2, from 6.3.0 before 6.3.1-251120, from 6.4.0 before 6.4.1-251120...

EUVD-2026-2947

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...