4 matches found
CVE-2026-42639
Unauthenticated SQL Injection in GD Rating System = 3.6.2 versions...
CVE-2026-33669 SiYuan has Arbitrary Document Reading within the Publishing Service
SiYuan is a personal knowledge management system. Prior to version 3.6.2, document IDs were retrieved via the /api/file/readDir interface, and then the /api/block/getChildBlocks interface was used to view the content of all documents. Version 3.6.2 patches the issue...
CVE-2026-23727 WeGIA has an Open Redirect Vulnerability in control.php Endpoint via nextPage Parameter (metodo=listarTodos, nomeClasse=TipoSaidaControle)
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=TipoSaidaControl...
PT-2023-17104 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: novel-plus version 3.6.2 Description: A critical issue has been found in an unknown functionality of the file common/log/list. The manipulation of the sort argument leads to SQL injection. The attack can be launched remotely. Recommendations:...