5 matches found
WeGIA input validation error vulnerability
WeGIA is a network manager for the welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.2 contained a vulnerability related to input validation errors. This vulnerability stemmed from the lack of validation or restrictions on the nextPage parameter, which could lead to...
JLSEC-2025-237 In libarchive before 3.6.2, the software does not check for an error after calling calloc function t...
In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the...
CVE-2021-23433
The package algoliasearch-helper before 3.6.2 are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.jsSearchParameters.parseNumbers without any protection against prototype properties. Note that this vulnerability is only exploitable if the...
Unspecified Vulnerability in Mattermost Server
Mattermost Server is the United States Mattermost company's set of open source messaging platform. A security vulnerability exists in the WebSocket functionality in Mattermost Server versions prior to 3.6.2, which stems from the program not following the same-origin policy. No details of the...
Bolt CMS Cross-Site Scripting Vulnerability (CNVD-2019-05670)
Bolt is a simple CMS written in PHP. A cross-site scripting vulnerability exists in Bolt CMS versions prior to 3.6.2, which can be exploited by remote attackers to inject arbitrary web script or HTML via the preview function in text input pages...