Lucene search

14 matches found

ATTACKERKB
added 2026/04/24 6:56 p.m. · 4 views

CVE-2026-41894

SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denylist check IsSensitivePath but did not address the root cause — a redundant url.PathUnescape call in serveExport. An authenticated attacker can use double URL encoding...

CVSS 9.8 · AI score 5.6 · EPSS 0.00273
Exploits 1 · References 4 · Affected Software 1

UbuntuCve
added 2026/04/02 5:16 p.m. · 2 views

CVE-2026-34877

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...

CVSS 9.8 · AI score 6.2 · EPSS 0.00221
Exploits 0 · References 2

EUVD
added 2026/04/01 6:36 p.m. · 0 views

EUVD-2026-17967

Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade...

CVSS 6.5 · AI score 5.8 · EPSS 0.00021
Exploits 0 · References 3

Cvelist
added 2026/03/20 10:35 a.m. · 21 views

CVE-2026-33134 WeGIA has Authenticated Time-Based Blind SQL Injection in `restaurar_produto.php` via `id_produto` parameter

WeGIA is a web manager for charitable institutions. Versions 3.6.5 and below contain an authenticated SQL Injection vulnerability in the html/matPat/restaurar_produto.php endpoint. The vulnerability allows an authenticated attacker to inject arbitrary SQL commands via the id_produto GET parameter,...

CVSS 9.3 · EPSS 0.00045
Exploits 1 · References 3

CNNVD
added 2026/03/20 12:0 a.m. · 2 views

WeGIA Security Vulnerability

WeGIA is a network manager for a welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.5 contained security vulnerabilities. These vulnerabilities stemmed from SQL injections in the html/matPat/restaurarProduto.php endpoint, which could lead to a complete database breac...

CVSS 9.3 · AI score 5.9 · EPSS 0.00045
Exploits 1 · References 3

Positive Technologies
added 2026/03/20 12:0 a.m. · 3 views

PT-2026-26605

WeGIA is a web manager for charitable institutions. Versions 3.6.5 and below contain an authenticated SQL Injection vulnerability in the html/matPat/restaurar_produto.php endpoint. The vulnerability allows an authenticated attacker to inject arbitrary SQL commands via the id_produto GET parameter...

CVSS 9.3 · AI score 6 · EPSS 0.00045
Exploits 1 · References 10

Tenable Nessus
added 2026/01/16 12:0 a.m. · 1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001542)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001542 advisory. The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too fa...

CVSS 6.5 · AI score 6.7 · EPSS 0.00133
Exploits 0 · References 4

RedhatCVE
added 2025/05/23 7:21 a.m. · 3 views

CVE-2024-44025

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in nicejob NiceJob nicejob allows Stored XSS. This issue affects NiceJob: from n/a through 3.6.5...

CVSS 6.5 · AI score 5.9 · EPSS 0.00193
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 11:22 p.m. · 1 views

CVE-2022-39409

Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain component: Business Process Automation. Supported versions that are affected are 6.4.3 and 6.5.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle...

CVSS 2.7 · AI score 2.8 · EPSS 0.00263
Exploits 0 · References 1

Patchstack
added 2024/06/27 8:52 a.m. · 1 views

WordPress WP Chat App plugin < 3.6.5 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin WP Chat App versions 3.6.5...

CVSS 4.8 · AI score 6.1 · EPSS 0.00196
Exploits 2 · References 1 · Affected Software 1

Circl
added 2022/09/02 7:38 a.m. · 1 views

CVE-2022-36594

creationtimestamp | type | source
--- | --- | ---
2022-09-02 07:38:47+00:00 | seen | https://t.me/cibsecurity/49222...

CVSS 9.8 · AI score 8.7 · EPSS 0.0031
Exploits 1 · References 1

OSV
added 2020/01/28 7:15 p.m. · 0 views

UBUNTU-CVE-2020-5211

In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems...

CVSS 9.8 · AI score 6.4 · EPSS 0.01836
Exploits 0 · References 3

CNVD
added 2019/12/23 12:0 a.m. · 2 views

Unspecified Vulnerability in CloudBees Jenkins Rundeck Plugin

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing project and some timed tasks. Rundeck Plugin is used in one of the...

CVSS 6.5 · AI score 6.8 · EPSS 0.00047
Exploits 0 · References 1

Positive Technologies
added 2019/07/12 12:0 a.m. · 3 views

PT-2019-11610 · Moodle +1

Name of the Vulnerable Software and Affected Versions:
Moodle versions prior to 3.7.1
Moodle versions prior to 3.6.5
Moodle versions prior to 3.5.7

Description: A flaw was found in the XML loading/unloading admin tool where a sesskey CSRF token was not being utilized.

Recommendations: For version...

CVSS 8.8 · AI score 4.3 · EPSS 0.00371
Exploits 0 · References 21