| 2101 | - | - | - | WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, atendido/familiar_docfamiliar.php displays an overly descriptive error message, including database-related details. Thi… | CWE-200 Information Exposure | CVE-2026-42871 | 2026-05-14 02:03 | 2026-05-12 |
| 2102 | - | - | - | WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting (XSS) flaw was identified at the following endpoint: funcionario/profile_funcionario.php?… | CWE-79 Cross-site Scripting | CVE-2026-42870 | 2026-05-14 02:03 | 2026-05-12 |
| 2103 | 6.1 MEDIUM Network | - | - | WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a reflected Cross-Site Scripting (XSS) vulnerability exists in lista_arquivos_etapa.php due to improper handling of use… | CWE-79 Cross-site Scripting | CVE-2026-42872 | 2026-05-14 02:03 | 2026-05-12 |
| 2104 | 0.0 NONE Network | - | - | WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, when attempting to upload a file with malicious content to funcionario/docdependente_upload.php, the application respo… | CWE-200 Information Exposure | CVE-2026-42873 | 2026-05-14 02:03 | 2026-05-12 |
| 2105 | 6.8 MEDIUM Network | - | - | WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript into the … | CWE-79 Cross-site Scripting | CVE-2026-45025 | 2026-05-14 02:03 | 2026-05-12 |
| 2106 | 6.8 MEDIUM Network | - | - | WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript into the … | CWE-79 Cross-site Scripting | CVE-2026-45026 | 2026-05-14 02:03 | 2026-05-12 |
| 2107 | 3.0 LOW Local | - | - | ciguard is a static security auditor for CI/CD pipelines. From 0.1.0 to 0.8.1, the published ghcr.io/jo-jo98/ciguard container image inherits the default root user because the Dockerfile lacks a USER… | CWE-269 Improper Privilege Management | CVE-2026-44218 | 2026-05-14 02:02 | 2026-05-13 |
| 2108 | 3.7 LOW Network | - | - | ciguard is a static security auditor for CI/CD pipelines. From 0.6.0 to 0.8.1, both SCA HTTP clients (src/ciguard/analyzer/sca/osv.py and src/ciguard/analyzer/sca/endoflife.py) call payload = json.lo… | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-44219 | 2026-05-14 02:02 | 2026-05-13 |
| 2109 | 3.2 LOW Local | - | - | ciguard is a static security auditor for CI/CD pipelines. From 0.8.0 to 0.8.1, the discover_pipeline_files() function in src/ciguard/discovery.py walks a directory tree following symlinks, with cycl… | CWE-59 Link Following | CVE-2026-44220 | 2026-05-14 02:02 | 2026-05-13 |
| 2110 | 4.4 MEDIUM Local | jqlang | jq | jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts embedded NUL bytes in import paths at the jq-language level, but later resolves those paths through C string operations during mo… | CWE-20 Improper Input Validation; CWE-158 Improper Neutralization of Null Byte or NUL Character | CVE-2026-43895 | 2026-05-14 02:02 | 2026-05-12 |