
4 matches found

Vulnrichment
added 2026/03/20 10:32 p.m. | 3 views

CVE-2026-33203 SiYuan has an Unauthenticated WebSocket DoS via Auth Keepalive Bypass

SiYuan is a personal knowledge management system. Prior to version 3.6.2, the SiYuan kernel WebSocket server accepts unauthenticated connections when a specific "auth keepalive" query parameter is present. After connection, incoming messages are parsed using unchecked type assertions on...

CVSS 7.5 | AI score 5.9 | EPSS 0.00497
Exploits: 1 | References: 1
NVD
added 2026/01/16 8:15 p.m. | 7 views

CVE-2026-23731

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, the web application is vulnerable to clickjacking attacks. The WeGIA application does not send any defensive HTTP headers related to framing protection. In particular, X-Frame-Options is missing and Content-Security-Policy with...

CVSS 4.3 | EPSS 0.00272
Exploits: 1 | References: 3
Vulnrichment
added 2026/01/16 7:38 p.m. | 5 views

CVE-2026-23725 WeGIA Stored Cross-Site Scripting (XSS) – nome Parameter on Adopters Information Page

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the html/pet/adotantes/cadastroadotante.php and html/pet/adotantes/informacaoadotantes.php endpoints of the WeGIA application. The application does not sanitize...

CVSS 5.3 | AI score 5 | EPSS 0.00213
Exploits: 1 | References: 3
RedhatCVE
added 2025/05/22 3:10 p.m. | 8 views

CVE-2020-11014

Electron-Cash-SLP before version 3.6.2 has a vulnerability. All token creators that use the "Mint Tool" feature of the Electron Cash SLP Edition are at risk of sending the minting authority baton to the wrong SLP address. Sending the mint baton to the wrong address will give another party the...

CVSS 8.6 | AI score 6.7 | EPSS 0.01569
Exploits: 0 | References: 1