12 matches found
PT-2026-30734
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarId and nomeClasse=IsaidaControle. The...
Security Bulletin: IBM Maximo Application suite Visual Inspection Component back ported version 8.9.x uses components that are vulnerable to CVE-2021-31684, CVE-2023-1370, CVEID: CVE-2023-52428, CVE-2024-7254, CVE-2024-27268.
Summary: IBM Maximo Application suite Visual Inspection Component back ported version 8.9.x uses components that are vulnerable to CVE-2021-31684, CVE-2023-1370, CVEID: CVE-2023-52428, CVE-2024-7254, CVE-2024-27268. This bulletin contains information of the vulnerable product version and its...
Kibana 8.19.11, 9.2.5 Security Update (ESA-2026-14)
Inefficient Regular Expression Complexity in Kibana Leading to Denial of Service. Inefficient Regular Expression Complexity (CWE-1333) in the AI Inference Anonymization Engine in Kibana can lead to Denial of Service via Regular Expression Exponential Blowup (CAPEC-492). Affected Versions: 8.x: All versio...
MiracleLinux 7 : bind-9.11.4-16.P2.2.0.1.el7.AXS7 (AXBA:2020-4703:02)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXBA:2020-4703:02 advisory. - managed-keys is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use ...
CVE-2025-31046 WordPress AnyWhere Elementor Pro plugin <= 2.29 - Broken Access Control Vulnerability
Missing Authorization vulnerability in WPvibes AnyWhere Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AnyWhere Elementor Pro: from n/a through 2.29...
EUVD-2025-203555
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stefano Lissa Newsletter newsletter allows Blind SQL Injection. This issue affects Newsletter: from n/a through = 9.0.9...
CVE-2024-44921
SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del...
CVE-2023-4663
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saphira Saphira Connect allows Reflected XSS. This issue affects Saphira Connect: before 9...
Shinseiyo Sogo Soft Code Issue Vulnerability
Shinseiyo Sogo Soft is a software used by Japan's Ministry of Justice to process legal documents and information. A security vulnerability exists in Shinseiyo Sogo Soft version 7.9A and prior versions, which arises from incorrectly restricting XML external entity references...
UBUNTU-CVE-2022-2345
Use After Free in GitHub repository vim/vim prior to 9.0.0046...
HotkeyP Elevation of Privilege Vulnerability
HotkeyP is a hotkey management utility program. A security vulnerability exists in the 'privilege' function of the Commands.cpp file in HotkeyP 4.9 r96 and earlier. An attacker can exploit this vulnerability to elevate privileges...
CVE-2016-3039
IBM Traveler 8.x and 9.x before 9.0.1.12 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue...