3 matches found
Improper Neutralization of Special Elements Used in a Template Engine
Overview dynaconf is a The dynamic configurator for your Python Project Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine due to unsafe template evaluation in the @Jinja resolver. An attacker can execute arbitrary code by...
CVE-2025-26608
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, dependentedocdependente.php endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing...
CVE-2025-26605
WeGIA (Web Manager for Institutions) has a SQL Injection vulnerability in the deletar_cargo.php endpoint, specifically the id_cargo parameter, that could allow an authorized attacker to execute arbitrary SQL and access sensitive data. The issue is addressed in version 3.2.13; upgrading is advised...