7.6
CVE-2025-26956 - WordPress Traveler theme < 3.2.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through < 3.2.1.
5.3
CVE-2025-22739 - WordPress LearnPress plugin <= 4.2.7.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in ThimPress LearnPress learnpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through <= 4.2.7.5.
5.3
CVE-2025-22740 - WordPress Sensei LMS plugin <= 4.24.4 - Broken Access Control vulnerability
Missing Authorization vulnerability in Automattic Sensei LMS sensei-lms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sensei LMS: from n/a through <= 4.24.4.
5.9
CVE-2023-38272 - IBM Cloud Pak System information disclosure
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 could allow a user with access to the network to obtain sensitive information from CLI arguments.
6.5
CVE-2023-37405 - IBM Cloud Pak System information disclosure
IBM Cloud Pak System 2.3.3.0, 2.3.3.3, 2.3.3.3 iFix1, 2.3.3.4, 2.3.3.5, 2.3.3.6, 2.3.36 iFix1, 2.3.3.6 iFix2, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, and 2.3.4.1 stores sensitive data in memory, that could be obtained by an unauthorized user.
10
CVE-2025-30367 - WeGIA SQL Injection Vulnerability in nextPage Parameter on control.php Endpoint
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.6 in the nextPage parameter of the /WeGIA/controle/control.php endpoint. This vulnerability allows attacker to manipulate SQL queries and access sensitive database information, β¦
6.2
CVE-2025-30366 - WeGIA vulnerable to Stored XSS in personalizacao.php
WeGIA is a Web manager for charitable institutions. Versions prior to 3.2.8 are vulnerable to stored cross-site scripting. This vulnerability allows unauthorized scripts to be executed within the user's browser context. Stored XSS is particularly critical, as the malicious code is permanently storeβ¦
9.4
CVE-2025-30365 - SQL Injection in query_geracao_auto.php
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.8 in the endpoint /WeGIA/html/socio/sistema/controller/query_geracao_auto.php, specifically in the query parameter. This vulnerability allows the execution of arbitrary SQL commβ¦
10
CVE-2025-30364 - WeGIA vulnerable to SQL Injection (Blind Time-Based) in remuneracao.php parameter id_funcionario
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.8 in the endpoint /WeGIA/html/funcionario/remuneracao.php, in the id_funcionario parameter. This vulnerability allows the execution of arbitrary SQL commands, which can compromiβ¦
6.4
CVE-2025-30363 - WeGIA vulnerable to Stored XSS in documentos_funcionario.php parameter dados_addInfo
WeGIA is a Web manager for charitable institutions. A stored Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.2.6. This vulnerability allows unauthorized scripts to be executed within the user's browser context. Stored XSS is particularly critical, as the malicious codβ¦