
2753 matches found

Nuclei
added 11 hours ago | 44 views

Ubigeo de Peru < 3.6.4 - SQL Injection

The plugin does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections. id: CVE-2022-0814 info: name: Ubigeo de Peru 3.6.4 - SQL Injection author: r3Y3r53...

CVSS 9.8 | AI score 7.3 | EPSS 0.08913
Exploits: 2 | References: 4

GithubExploit
added 2026/06/07 3:50 p.m. | 62 views

kaido-waf

⚔️ Kaido WAF: Web Application Firewall by Kaido Red Team...

AI score 6
Exploits: 0

GithubExploit
added 2026/06/06 1:14 p.m. | 40 views

Soul-Collector

Windows Post-Exploitation & Credential Hunting Tool Uma ferra...

AI score 5.5
Exploits: 0

GithubExploit
added 2026/06/06 12:47 a.m. | 48 views

ccdd-poc

ccdd-poc: Where is the limit of an issue solver...

AI score 5.4
Exploits: 0

GithubExploit
added 2026/06/04 1:19 p.m. | 61 views

llmbias-tse

llmbias-tse: Proof of concept (POC) of the InternetLab project...

AI score 5.8
Exploits: 0

ATTACKERKB
added 2026/06/02 7:48 a.m. | 6 views

CVE-2026-8885

The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on the 'width' and 'align' shortcode attributes...

CVSS 6.4 | AI score 6 | EPSS 0.00181
Exploits: 0 | References: 4

GithubExploit
added 2026/05/22 3:36 p.m. | 65 views

Proxmox-Network-Lab

Proxmox Network Lab + Hardening Despliegue de servicios corpo...

AI score 5.8
Exploits: 0

GithubExploit
added 2026/05/22 7:14 a.m. | 63 views

ethical-hacking-toolkit

ethical-hacking-toolkit Ferramentas de segurança ofensiva e d...

AI score 5.9
Exploits: 0

EUVD
added 2026/05/11 6:36 p.m. | 5 views

EUVD-2026-29195

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript into the Processo de Aceitação html/atendido/processoaceitacao.php page, which is executed when user access t...

CVSS 6.8 | AI score 5.8 | EPSS 0.0023
Exploits: 0 | References: 1

Cvelist
added 2026/05/11 6:35 p.m. | 29 views

CVE-2026-45025 WeGIA: Stored XSS in html/atendido/etapa_processo.php

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript into the "Etapas de um Processo" html/atendido/etapaprocesso.php page, which is executed when user access the...

CVSS 6.8 | EPSS 0.0023
Exploits: 0 | References: 1

NVD
added 2026/05/11 4:17 p.m. | 15 views

CVE-2026-42609

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low-privileged user with only user creation permissions to overwrite existing accounts, including the primary administrator. By creating a new user with a username that alread...

CVSS 8.1 | EPSS 0.00463
Exploits: 1 | References: 4

Vulnrichment
added 2026/05/11 3:3 p.m. | 7 views

CVE-2026-42609 Grav: Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low-privileged user with only user creation permissions to overwrite existing accounts, including the primary administrator. By creating a new user with a username that alread...

CVSS 8.1 | AI score 5.8 | EPSS 0.00463
Exploits: 1 | References: 4

CNNVD
added 2026/05/11 12:0 a.m. | 6 views

WeGIA Cross-Site Scripting Vulnerability

WeGIA is a network manager for a welfare institution developed by Nilson Lazarin. Versions of WeGIA prior to 3.7.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from stored-xss scripts, which could allow authenticated users to inject malicious JavaScript into the...

CVSS 6.8 | AI score 5.7 | EPSS 0.0023
Exploits: 0 | References: 1

CNNVD
added 2026/05/11 12:0 a.m. | 7 views

WeGIA Cross-Site Scripting Vulnerability

WeGIA is a network manager for a welfare institution developed by Nilson Lazarin. Versions of WeGIA prior to 3.7.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from stored-cross-site scripting, which could allow authenticated users to inject malicious JavaScript into...

CVSS 6.8 | AI score 5.7 | EPSS 0.0023
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/11 12:0 a.m. | 13 views

PT-2026-39738

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript into the "Etapas de um Processo" html/atendido/etapa processo.php page, which is executed when user access th...

CVSS 6.8 | AI score 5.8 | EPSS 0.0023
Exploits: 0 | References: 2

GithubExploit
added 2026/05/08 6:49 p.m. | 88 views

projeto-conexoes-seguras

Projeto Conexões Seguras Faculdade de Tecnologia SENAI Feli...

AI score 5.8
Exploits: 0

Brave Browser
added 2026/05/07 4:17 a.m. | 11 views

Brave Desktop 1.90.121 Security Fixes

Changed IPFS gateway usage from "ipfs.io" to "inbrowser.link" for IPFS domain resolution. - Fixed broken address bar layout for narrow window widths. - Updated body-sniffing to respect "Content-Disposition: attachment" in de-AMP as reported on HackerOne by newfunction. Upgraded Chromium to...

AI score 5.8
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2026/05/05 9:29 p.m. | 3 views

GHSA-RR73-568V-28F8 Grav Vulnerable to Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic

Summary A business logic vulnerability in the Grav Admin Panel allows a low-privileged user with only user creation permissions to overwrite existing accounts, including the primary administrator. By creating a new user with a username that already exists, the system updates the existing account'...

CVSS 8.1 | AI score 5.8 | EPSS 0.00463
Exploits: 1 | References: 6

GithubExploit
added 2026/05/05 12:19 p.m. | 66 views

osint-automation-engine

🛡️ OSINT Framework V6.1...

AI score 5.8
Exploits: 0

GithubExploit
added 2026/05/05 7:7 a.m. | 75 views

web-app-attacks-avengers

web-app-attacks-avengers Ataque a aplicación web: SQL Injectio...

AI score 5.9
Exploits: 0