119 matches found
CVE-2025-51543
An issue was discovered in Cicool builder 3.4.4 allowing attackers to reset the administrator's password via the /administrator/auth/reset_password endpoint...
PT-2025-33861 · Unknown · Cicool Builder
Name of the Vulnerable Software and Affected Versions: Cicool builder version 3.4.4 Description: An issue allows attackers to reset the administrator's password. This is achieved via the /administrator/auth/reset_password API endpoint. Recommendations: As a temporary workaround, consider...
CVE-2025-51543
CVE-2025-51543 affects Cicool builder 3.4.4. The vulnerability allows an attacker to reset the administrator password via the /administrator/auth/reset_password endpoint. The CVSS 3.1 base score is 9.8 (CRITICAL) with NETWORK attack vector, no privileges or user interaction required, and impacts ...
CVE-2025-53824
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the editar_permissoes.php endpoint of the WeGIA application prior to version 3.4.4. This vulnerability allows attackers to...
CVE-2025-53824 WeGIA Reflected Cross-Site Scripting (XSS) vulnerability in endpoint 'cadastro_pet.php' parameter 'msg'
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the editar_permissoes.php endpoint of the WeGIA application prior to version 3.4.4. This vulnerability allows attackers to...
CVE-2025-53824
CVE-2025-53824 concerns WeGIA, an open source web manager. A Reflected XSS exists in the editar_permissoes.php endpoint (pre-3.4.4) via the msg_c parameter. The flaw could allow injection of script code when a user is reflected, with the official fix in version 3.4.4. No exploitation details are ...
Discourse Security Vulnerability
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes features such as communities, email, and chat rooms. A security vulnerability exists in Discourse versions prior to 3.4.4, prior to 3.5.0.beta5, and prior to 3.5.0.beta6-dev, which stems fr...
CVE-2024-32823
Authorization Bypass Through User-Controlled Key vulnerability in FeedbackWP Rate my Post – WP Rating System. This issue affects Rate my Post – WP Rating System: from n/a through 3.4.4...
CVE-2024-37205
Insertion of Sensitive Information into Log File vulnerability in SERVIT Software Solutions. This issue affects affiliate-toolkit: from n/a through 3.4.4...
CVE-2023-28779
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vladimir Statsenko Terms descriptions plugin <= 3.4.4 versions...
CVE-2023-27414
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Box Team Popup box plugin <= 3.4.4 versions...
WordPress Kinsley theme <= 3.4.4 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Bonds Patchstack Alliance in WordPress Theme Kinsley versions <= 3.4.4...
AZL-60422 CVE-2025-32914 affecting package libsoup for versions less than 3.4.4-4
A flaw was found in libsoup, where the soup_multipart_new_from_message function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds...
IBM Aspera Console Cross-Site Scripting Vulnerability
IBM Aspera Console is a Web-based application from International Business Machines (IBM), Inc. Allows users to centrally manage, monitor and control Aspera servers nodes and transports. A cross-site scripting vulnerability exists in IBM Aspera Console 3.4.4 and prior versions, which stems from...
IBM Aspera Console Security Vulnerability
IBM Aspera Console is a Web-based application from International Business Machines (IBM), Inc. Allows users to centrally manage, monitor and control Aspera servers nodes and transports. A security vulnerability exists in IBM Aspera Console version 3.4.4 and earlier, which stems from allowing passwo...
IBM Aspera Console Security Vulnerability
IBM Aspera Console is a Web-based application from International Business Machines (IBM), Inc. Allows users to centrally manage, monitor and control Aspera servers nodes and transports. A security vulnerability exists in IBM Aspera Console 3.4.4 and prior versions, which stems from an XPath injecti...
AZL-59541 CVE-2025-32051 affecting package libsoup for versions less than 3.4.4-6
A flaw was found in libsoup. The libsoup soup_uri_decode_data_uri function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service (DoS)...
CVE-2024-52531 affecting package libsoup for versions less than 3.4.4-2
CVE-2024-52531 affecting package libsoup for versions less than 3.4.4-2. A patched version of the package is available...
CVE-2024-52530 affecting package libsoup for versions less than 3.4.4-2
CVE-2024-52530 affecting package libsoup for versions less than 3.4.4-2. A patched version of the package is available...
PT-2024-32693 · Tinypng · Tinypng
Name of the Vulnerable Software and Affected Versions: TinyPNG versions prior to 3.4.4 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability in TinyPNG. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that t...