9.3
CVE-2012-10064 - Omni Secure Files < 0.1.14 Unauthenticated Arbitrary File Upload
Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in the bundled plupload example endpoint. The /wp-content/plugins/omni-secure-files/plupload/examples/upload.php handler allows unauthenticated uploads without enforcing safe file type restrictions, ena…
8.8
CVE-2026-23742 - Skipper arbitrary code execution through lua filters
Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes Ingress resource. The co…
8.7
CVE-2026-23735 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in grap…
GraphQL Modules is a toolset of libraries and guidelines dedicated to create reusable, maintainable, testable and extendable modules out of your GraphQL server. From 2.2.1 to before 2.4.1 and 3.1.1, when 2 or more parallel requests are made which trigger the same service, the context of the request…
4.3
CVE-2026-23731 - WeGIA Clickjacking Vulnerability
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, The web application is vulnerable to clickjacking attacks. The WeGIA application does not send any defensive HTTP headers related to framing protection. In particular, X-Frame-Options is missing andContent-Security-Policy with fram…
4.8
CVE-2026-23730 - WeGIA has an Open Redirect Vulnerability in control.php Endpoint via nextPage Parameter (metodo=lis…
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=ProdutoControle. T…
4.8
CVE-2026-23729 - WeGIA has an Open Redirect Vulnerability in control.php Endpoint via nextPage Parameter (metodo=lis…
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarDescricao and nomeClasse=ProdutoControl…
4.8
CVE-2026-23728 - WeGIA has an Open Redirect Vulnerability in control.php Endpoint via nextPage Parameter (metodo=lis…
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=DestinoControle. T…
4.8
CVE-2026-23727 - WeGIA has an Open Redirect Vulnerability in control.php Endpoint via nextPage Parameter (metodo=lis…
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=TipoSaidaControle.…
4.8
CVE-2026-23726 - WeGIA has an Open Redirect Vulnerability in control.php Endpoint via nextPage Parameter (metodo=lis…
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, An Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=TipoEntradaControl…
5.3
CVE-2026-23725 - WeGIA Stored Cross-Site Scripting (XSS) – nome Parameter on Adopters Information Page
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the html/pet/adotantes/cadastro_adotante.php and html/pet/adotantes/informacao_adotantes.php endpoint of the WeGIA application. The application does not sanitize u…