43 matches found
WordPress YASR – Yet Another Star Rating Plugin for WordPress plugin <= 3.4.12 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Yet Another Stars Rating versions = 3.4.12...
CVE-2025-61665
WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Broken Access Control vulnerability, identified in the getrelatoriossocios.php endpoint. This vulnerability allows unauthenticated attackers to directly access sensitive personal and...
CVE-2025-61606
WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an Open Redirect vulnerability, identified in the control.php endpoint, specifically in the nextPage parameter metodo=listarUmnomeClasse=FuncionarioControle. This vulnerability allows...
CVE-2025-61604
WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Cross-Site Request Forgery CSRF vulnerability. The delete operation for the Almoxarifado entity is exposed via HTTP GET without CSRF protection, allowing a third-party site to trigger...
CVE-2025-61603
WeGIA is a Web manager for charitable institutions. Versions 3.4.12 and below include an SQL Injection vulnerability which was identified in the /controle/control.php endpoint, specifically in the descricao parameter. This vulnerability allows attackers to execute arbitrary SQL commands,...
EUVD-2025-32213
Malicious code in bioql PyPI...
EUVD-2025-32205
Malicious code in bioql PyPI...
EUVD-2025-32202
Malicious code in bioql PyPI...
EUVD-2025-32204
Malicious code in bioql PyPI...
CVE-2025-61665 WeGIA: Broken Access Control in `get_relatorios_socios.php` Endpoint
WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Broken Access Control vulnerability, identified in the getrelatoriossocios.php endpoint. This vulnerability allows unauthenticated attackers to directly access sensitive personal and...
CVE-2025-61606 WeGIA: Open Redirect Vulnerability in `control.php` endpoint
WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an Open Redirect vulnerability, identified in the control.php endpoint, specifically in the nextPage parameter metodo=listarUmnomeClasse=FuncionarioControle. This vulnerability allows...
CVE-2025-61606
WeGIA is affected: open redirect in the control.php endpoint via the nextPage parameter (metodo=listarUmnomeClasse=FuncionarioControle) for versions 3.4.12 and below. This could redirect users to arbitrary external domains, enabling phishing or credential theft as described in the CVE entries. Th...
CVE-2025-61603
WeGIA is a Web manager for charitable institutions. Versions 3.4.12 and below include an SQL Injection vulnerability which was identified in the /controle/control.php endpoint, specifically in the descricao parameter. This vulnerability allows attackers to execute arbitrary SQL commands,...
CVE-2025-61604
WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Cross-Site Request Forgery CSRF vulnerability. The delete operation for the Almoxarifado entity is exposed via HTTP GET without CSRF protection, allowing a third-party site to trigger...
CVE-2025-61605 WeGIA: SQL Injection (Blind Time-Based) Vulnerability in /pet/profile_pet.php Endpoint
WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an SQL Injection vulnerability which was identified in the /pet/profilepet.php endpoint, specifically in the idpet parameter. This vulnerability allows attackers to execute arbitrary SQL...
CVE-2025-61604 WeGIA: Cross-Site Request Forgery (CSRF) Vulnerability in `control.php` Endpoint
WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Cross-Site Request Forgery CSRF vulnerability. The delete operation for the Almoxarifado entity is exposed via HTTP GET without CSRF protection, allowing a third-party site to trigger...
CVE-2025-61604 WeGIA: Cross-Site Request Forgery (CSRF) Vulnerability in `control.php` Endpoint
WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Cross-Site Request Forgery CSRF vulnerability. The delete operation for the Almoxarifado entity is exposed via HTTP GET without CSRF protection, allowing a third-party site to trigger...
CVE-2025-61603
WeGIA (web manager for charitable institutions) versions 3.4.12 and earlier contain an SQL Injection in /controle/control.php via the descricao parameter, enabling attackers to execute arbitrary SQL commands and compromise database confidentiality, integrity, and availability. The issue is fixed ...
CVE-2025-61603 WeGIA: SQL Injection (Blind Time-Based) Vulnerability in API `descricao` Parameter
WeGIA is a Web manager for charitable institutions. Versions 3.4.12 and below include an SQL Injection vulnerability which was identified in the /controle/control.php endpoint, specifically in the descricao parameter. This vulnerability allows attackers to execute arbitrary SQL commands,...
PT-2025-40427
Name of the Vulnerable Software and Affected Versions WeGIA versions 3.4.12 and below Description WeGIA is a web manager designed for charitable institutions. An Open Redirect issue exists in the control.php endpoint, specifically through the nextPage parameter...