8.4
CVE-2024-11128 - Insufficient Hardened Runtime or Library Validation signing in Bitdefender Virus Scanner for macOS
A vulnerability in the BitdefenderVirusScanner binary as used in Bitdefender Virus Scanner for MacOS may allow .dynamic library injection (DYLD injection) without being blocked by AppleMobileFileIntegrity (AMFI). This issue is caused by the absence of Hardened Runtime or Library Validation signing.…
3.3
CVE-2024-51491 - Process crash during CRL-based revocation check on OS using separate mount point for temp Directory…
notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. The issue was identified during Quarkslab's security audit on the Certificate Revocation List (CRL) based revocation check feature. After retrieving the CRL, notation-go atte…
4
CVE-2024-56138 - Timestamp signature generation lacks certificate revocation check in notion-go
notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. This issue was identified during Quarkslab's audit of the timestamp feature. During the timestamp signature generation, the revocation status of the certificate(s) used to ge…
5.8
CVE-2024-56323 - OpenFGA Authorization Bypass
OpenFGA is an authorization/permission engine. IN OpenFGA v1.3.8 to v1.8.2 (Helm chart openfga-0.1.38 to openfga-0.2.19, docker v1.3.8 to v.1.8.2) are vulnerable to authorization bypass under the following conditions: 1. calling Check API or ListObjects with a model that uses [conditions](https://…
6.4
CVE-2025-22613 - WeGIA Cross-Site Scripting (XSS) Stored endpoint 'informacao_adicional.php' parameter 'descricao'
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `informacao_adicional.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scri…
6.4
CVE-2025-22614 - WeGIA Cross-Site Scripting (XSS) Stored endpoint 'dependente_editarInfoPessoal.php ' parameters 'no…
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `dependente_editarInfoPessoal.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malici…
6.4
CVE-2025-22615 - WeGIA Cross-Site Scripting (XSS) Reflected endpoint 'Cadastro_Atendido.php' parameter 'cpf'
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `Cadastro_Atendido.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scri…
6.4
CVE-2025-22616 - WeGIA Cross-Site Scripting (XSS) Stored endpoint 'dependente_parentesco_adicionar.php' parameter 'd…
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `dependente_parentesco_adicionar.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject mal…
6.4
CVE-2025-22617 - WeGIA Cross-Site Scripting (XSS) Reflected endpoint 'editar_socio.php' parameter 'socio'
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `editar_socio.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts i…
6.4
CVE-2025-22618 - WeGIA Cross-Site Scripting (XSS) Stored endpoint 'adicionar_cargo.php' parameter 'cargo'
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_cargo.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts i…