2 matches found
CVE-2026-35475
creationtimestamp| type| source ---|---|--- 2026-04-06 22:12:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3miubupumjx2i...
CVE-2026-35475 WeGIA - Open Redirect - backup redirection — Unvalidated $_GET['redirect']
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, the redirect parameter is taken directly from $GET with no URL validation or whitelist check, then used verbatim in a header"Location: ..." call. This vulnerability is fixed in 3.6.9...