7 matches found
angorapy (>=0.9.1 <=0.10.8), apple-hdr-heic (=0.1.0) +66 more potentially affected by CVE-2026-34379 via openexr (>=3.4.12 <=3.4.4)
openexr PYPI version =3.4.12, =0.9.1, =0.5.0, =0.2.5, =0.1.0rc1, =0.0.1, =0.1.0, =0.2.1, =0.0.4, =0.1.7, =0.0.1, =0.1.1, =0.0.0, =0.0.4 and more Source cves: CVE-2026-34379 Source advisory: SNYK:PYTHON-OPENEXR-15993246...
CVE-2025-61665
WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Broken Access Control vulnerability, identified in the getrelatoriossocios.php endpoint. This vulnerability allows unauthenticated attackers to directly access sensitive personal and...
CVE-2025-61606
WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an Open Redirect vulnerability, identified in the control.php endpoint, specifically in the nextPage parameter metodo=listarUmnomeClasse=FuncionarioControle. This vulnerability allows...
CVE-2025-61606
WeGIA is affected: open redirect in the control.php endpoint via the nextPage parameter (metodo=listarUmnomeClasse=FuncionarioControle) for versions 3.4.12 and below. This could redirect users to arbitrary external domains, enabling phishing or credential theft as described in the CVE entries. Th...
CVE-2025-61604
WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Cross-Site Request Forgery CSRF vulnerability. The delete operation for the Almoxarifado entity is exposed via HTTP GET without CSRF protection, allowing a third-party site to trigger...
WeGIA 安全漏洞
WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A security vulnerability exists in WeGIA 3.4.12 and earlier versions, which stems from incorrect manipulation of the parameter idpet in the file /pet/profilepet.php, which could lead to a SQL injection...
PT-2025-4786 · Github · Github Desktop
Name of the Vulnerable Software and Affected Versions: GitHub Desktop versions prior to 3.4.12 Description: An attacker can access a user's credentials by convincing them to clone a repository directly or through a submodule using a maliciously crafted remote URL. GitHub Desktop relies on Git for...