Security Vulnerabilities
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the editar_info_pessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the action parameter. The vulnerable endpoint is GET /WeGIA/html/pessoa/editar_info_pessoal.php?action=1. This issue has been patched in version 3.5.1.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-10-21
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the editar_info_pessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the sql parameter. The vulnerable endpoint is GET /WeGIA/html/pessoa/editar_info_pessoal.php?sql=1. This issue has been patched in version 3.5.1.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-10-21
Cross-Site Scripting (XSS) vulnerability in Bang Resto v1.0 could allow an attacker to inject malicious JavaScript code into the application's web pages. This vulnerability exists due to insufficient input sanitization or output encoding, allowing attacker-controlled input to be rendered directly in the browser. When exploited, an attacker can steal session cookies, redirect users to malicious sites, perform actions on behalf of the user, or deface the website. This can lead to user data compromise, loss of user trust, and a broader attack surface for more advanced exploitation techniques.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-10-21
daicuocms V1.3.13 contains an arbitrary file upload vulnerability in the image upload feature.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-10-21
daicuocms V1.3.13 contains a SQL injection vulnerability in the file library\think\db\Builder.php.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-10-21
Mbed TLS through 3.6.4 has an Observable Timing Discrepancy.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-10-21
A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be used. Upgrading to version 3.6.8 is sufficient to resolve this issue. The patch is identified as 957fb31e5. Upgrading the affected component is advised.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-10-21
A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Upgrading to version 3.6.6 is sufficient to fix this issue. The identifier of the patch is 0fef9f02e. It is recommended to upgrade the affected component.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-10-21
Zohocorp ManageEngine Applications Manager versions 176800 and below are vulnerable to information disclosure in File/Directory monitor.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-10-21
Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component.
CVSS Score
8.5
EPSS Score
0.008
Published
2025-10-21