25 matches found
EUVD-2019-4320
Malware in sbrugna...
EUVD-2022-5125
Malicious code in bioql PyPI...
EUVD-2025-28292
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-26846
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code. CVE-2022-26846 Note that Nessus relies on the presence of...
Linux Distros Unpatched Vulnerability : CVE-2018-1999022
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PEAR HTMLQuickForm version 3.2.14 contains an eval injection CWE-95 vulnerability in HTMLQuickForm's getSubmitValue method, HTMLQuickForm's validate method,...
WordPress plugin Ultimate Reviews Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-27096 SQL Injection endpoint 'html/personalizacao_upload.php' parameter 'id_campo' in WeGIA
WeGIA is a Web Manager for Institutions with a focus on Portuguese language. A SQL Injection vulnerability was discovered in the WeGIA application, personalizacao_upload.php endpoint. This vulnerability allows an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive...
PT-2025-7628 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.14 Description: A SQL Injection vulnerability was discovered in the WeGIA application, specifically in the "personalizacao upload.php" endpoint. This vulnerability allows an authorized attacker to execute arbitrary...
CVE-2025-26617
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, historicopaciente.php endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized...
CVE-2025-26609
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, familiardocfamiliar.php endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthoriz...
CVE-2025-26616
WeGIA (open source Web Manager) contains a Path Traversal vulnerability in the exportar_dump.php endpoint that could disclose sensitive data in config.php, potentially enabling direct database access. Affected versions are prior to 3.2.14. The issue has been addressed in version 3.2.14, and users...
PT-2025-7208 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.14 Description: A SQL Injection vulnerability was discovered in the WeGIA application, familiar docfamiliar.php endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing...
PYSEC-2022-213
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc and Extract database functions are subject to SQL injection if untrusted data is used as a kind/lookupname value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected...
CVE-2022-26846
SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code...
CVE-2021-0265
An unvalidated REST API in the AppFormix Agent of Juniper Networks AppFormix allows an unauthenticated remote attacker to execute commands as root on the host running the AppFormix Agent, when certain preconditions are performed by the attacker, thus granting the attacker full control over the...
DEBIAN-CVE-2018-1999022
PEAR HTMLQuickForm version 3.2.14 contains an eval injection CWE-95 vulnerability in HTMLQuickForm's getSubmitValue method, HTMLQuickForm's validate method, HTMLQuickFormhierselect's setOptions method, HTMLQuickFormelement's findValue method, HTMLQuickFormelement's prepareValue method that can...
WordPress Plugin Ninja Forms Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language; the platform supports setting up a personal blog site on servers with PHP and MySQL. Ninja Forms is one of its form plug-ins. A cross-site scripting vulnerability exists in the WordPress plugi...
Cross site scripting
The Ninja Forms plugin before 3.2.14 for WordPress has XSS...
Bolt CMS Stored Cross-Site Scripting Vulnerability
Bolt CMS is an open source content management system developed by the Bolt community. A security vulnerability exists in Bolt CMS version 3.2.14. A remote attacker can inject arbitrary web script or HTML by uploading an SVG document with 'Content-Type: image/svg+xml' header...