CVE-2026-8320

A security vulnerability has been detected in jishenghua jshERP up to 3.6. This affects the function getUserByWeixinCode of the file jshERP-boot/src/main/java/com/jsh/erp/service/UserService.java of the component updatePlatformConfigByKey Endpoint. Such manipulation of the argument weixinUrl lead...

CVE-2018-25356 SIPp 3.6 Local Buffer Overflow via Command-line Arguments

SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can trigger the vulnerability by supplying oversized input to the -3pcc, -i, or -logfile parameters,...

SUSE-SU-2026:1952-1 Security update for ovmf

This update for ovmf fixes the following issues - CVE-2026-25833: mbedtls: buffer underflow in x509inetptonipv6 bsc1261476. - CVE-2026-25834: mbedtls: Algorithm downgrade vulnerability bsc1261477. - CVE-2026-25835: mbedtls: PSA random generator cloning bsc1261478. - CVE-2026-34874: mbedtls: NULL...

CVE-2026-39510

Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Photo Gallery Final Tiles Grid: from n/a through = 3.6.11...

CVE-2026-35472

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=EstoqueControle...

PT-2026-30121

Name of the Vulnerable Software and Affected Versions Juju versions 2.9 through 2.9.55 and 3.6 through 3.6.18 Description Juju, an application orchestration engine, allows any authenticated user, machine, or controller to modify application resources within a Juju controller. This impacts version...

CVE-2026-33669 SiYuan has Arbitrary Document Reading within the Publishing Service

SiYuan is a personal knowledge management system. Prior to version 3.6.2, document IDs were retrieved via the /api/file/readDir interface, and then the /api/block/getChildBlocks interface was used to view the content of all documents. Version 3.6.2 patches the issue...

CVE-2026-33135

WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the novomemorandoo.php endpoint. An attacker can inject arbitrary JavaScript into the sccs GET parameter, which is directly echoed into the HTML response without...

CVE-2026-33136

WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the listarmemorandosativos.php endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the sccd GET parameter, which is then directly echoed into...

Adobe Substance3D Stager 缓冲区错误漏洞

Substance 3D Stager is the United States of America Ordoby Adobe company launched a dedicated to the 3D scene set, lighting settings and high-quality rendering of professional software. An out-of-bounds write vulnerability exists in Adobe Substance 3D Stager 3.1.6 and earlier versions, which can ...

CVE-2026-1549

A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/plugin/uploadPluginConfigFile of the component PluginController. Such manipulation of the argument configFile leads to path traversal. The attack may ...

CVE-2025-14472

CVE-2025-14472 is a CSRF vulnerability in the Drupal Acquia Content Hub integration. Affected versions are Acquia Content Hub 0.0.0–3.6.3 and 3.7.0–3.7.2. Root cause is a CSRF protection gap that could allow actions on behalf of authenticated users. The CVSS 3.1 base metrics indicate HIGH impact ...

ALPINE-CVE-2025-11187

Issue summary: PBMAC1 parameters in PKCS12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification. Impact summary: The stack buffer overflow or NULL pointer dereference may cause a crash leading to Denial o...

CVE-2026-23727 WeGIA has an Open Redirect Vulnerability in control.php Endpoint via nextPage Parameter (metodo=listarTodos, nomeClasse=TipoSaidaControle)

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=TipoSaidaControl...

CVE-2026-23724

CVE-2026-23724 affects the WeGIA web manager. A Stored Cross‑Site Scripting (XSS) vulnerability exists in the html/atendido/cadastro_ocorrencia.php endpoint where user-controlled data is rendered in the “Atendido” dropdown without sanitization. This could allow injection in Attendido_idatendido f...

MiracleLinux 4 : firefox-3.6.26-1.0.1.AXS4, xulrunner-1.9.2.26-1.0.1.AXS4 (AXSA:2012-194:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-194:02 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security issues fixed with this releas...

CVE-2023-4109

The Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin before 3.6.26 was affected by a HTML Injection security vulnerability...

CVE-2019-20221

In Support Incident Tracker SiT! 3.67, Load Plugins input in the config.php page is affected by XSS. The XSS payload is, for example, executed on the about.php page...

CVE-2019-20220

In Support Incident Tracker SiT! 3.67, the searchid parameter in the searchincidentsadvanced.php page is affected by XSS...

CVE-2023-4995

The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'calendly' shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...