4 matches found
PT-2026-38335
Name of the Vulnerable Software and Affected Versions OpenEXR versions 3.0.0 through 3.2.8 OpenEXR versions 3.3.0 through 3.3.10 OpenEXR versions 3.4.0 through 3.4.10 Description The readVariableLengthInteger function decodes a variable-length integer from untrusted EXR input without bounding the...
CVE-2025-58452
WeGIA is a Web manager for charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the listardespachos.php endpoint of the WeGIA application prior to version 3.4.11. This vulnerability allows attackers to inject malicious scripts in the idmemorando parameter...
CVE-2025-58453
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in WeGIA versions 3.4.10 and prior in the endpoint /WeGIA/html/memorando/exibeanexo.php, in the idanexo parameter. This vulnerability allow an authorized attacker to execute arbitrary SQL queries,...
CVE-2025-58453 WeGIA vulnerable to Blind Time-Based SQL Injection in endpoint 'exibe_anexo.php' parameter 'id_anexo'
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in WeGIA versions 3.4.10 and prior in the endpoint /WeGIA/html/memorando/exibeanexo.php, in the idanexo parameter. This vulnerability allow an authorized attacker to execute arbitrary SQL queries,...