Lucene search
+L

860 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/27 9:49 p.m.6 views

CVE-2026-28408

WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, the script in adicionartipodocsatendido.php does not go through the project's central controller and does not have its own authentication and permission checks. A malicious user could make a request through tools like...

9.8CVSS6AI score0.00514EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/02/27 9:49 p.m.35 views

CVE-2026-28408 WeGIA lacks authentication verification in adicionar_tipo_docs_atendido.php

WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, the script in adicionartipodocsatendido.php does not go through the project's central controller and does not have its own authentication and permission checks. A malicious user could make a request through tools like...

9.8CVSS0.00514EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/02/27 9:49 p.m.5 views

CVE-2026-28408 WeGIA lacks authentication verification in adicionar_tipo_docs_atendido.php

WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, the script in adicionartipodocsatendido.php does not go through the project's central controller and does not have its own authentication and permission checks. A malicious user could make a request through tools like...

9.8CVSS6AI score0.00514EPSS
Exploits1References1
CVE
CVE
added 2026/02/27 9:49 p.m.18 views

CVE-2026-28408

WeGIA web manager vulnerability in file adicionar_tipo_docs_atendido.php : before version 3.6.5, the script bypassed the central controller and lacked authentication/permission checks, allowing external actors to access employee-only features and inject unauthorized data into storage. No exploita...

9.8CVSS6AI score0.00514EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/02/27 9:49 p.m.8 views

CVE-2026-28408 WeGIA lacks authentication verification in adicionar_tipo_docs_atendido.php

WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, the script in adicionartipodocsatendido.php does not go through the project's central controller and does not have its own authentication and permission checks. A malicious user could make a request through tools like...

9.8CVSS6AI score0.00514EPSS
Exploits1References3
EUVD
EUVD
added 2026/02/27 9:49 p.m.16 views

EUVD-2026-9079

WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, the script in adicionartipodocsatendido.php does not go through the project's central controller and does not have its own authentication and permission checks. A malicious user could make a request through tools like...

9.8CVSS6AI score0.00514EPSS
Exploits1References1
F5 Networks
F5 Networks
added 2026/02/27 1:10 a.m.14 views

K000160172: PostgreSQL vulnerability CVE-2025-8714

Security Advisory Description Untrusted data inclusion in pgdump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pgdumpall is also...

8.8CVSS6.1AI score0.00736EPSS
Exploits1
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.9 views

WeGIA 安全漏洞

WeGIA is a network manager for welfare institutions developed by Nilson Lazarin as an individual project. Versions of WeGIA prior to 3.6.5 contained security vulnerabilities. These vulnerabilities stemmed from the adicionartipodocsatendido.php script not being processed through a central...

9.8CVSS5.8AI score0.00514EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.10 views

PT-2026-22411

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.6.5 Description WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, the adicionar tipo docs atendido.php script does not utilize the project’s central controller and lacks appropriate...

9.8CVSS5.9AI score0.00514EPSS
Exploits1References13
RedhatCVE
RedhatCVE
added 2026/02/26 10:14 a.m.15 views

CVE-2026-3152

A flaw has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/teacher-salary.php. This manipulation of the argument teacherid causes sql injection. It is possible to initiate the attack remotely. The exploit has been published a...

9.8CVSS5.4AI score0.00379EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/02/22 12:0 a.m.10 views

PT-2026-21439

XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the gerar pdf.php endpoint with malicious cid values to extract sensitive database...

8.8CVSS5.9AI score0.00262EPSS
Exploits0References4
NVD
NVD
added 2026/02/04 3:16 p.m.13 views

CVE-2026-1642

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security TLS servers. An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data in...

8.2CVSS0.00339EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.9 views

PT-2026-4932

Dirsearch 0.4.1 contains a CSV injection vulnerability when using the --csv-report flag that allows attackers to inject formulas through redirected endpoints. Attackers can craft malicious server redirects with comma-separated paths containing Excel formulas to manipulate the generated CSV report...

9.8CVSS5.9AI score0.0038EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/24 3:17 p.m.8 views

CVE-2026-24565

Insertion of Sensitive Information Into Sent Data vulnerability in bPlugins B Accordion b-accordion allows Retrieve Embedded Sensitive Data.This issue affects B Accordion: from n/a through = 2.0.2...

6.5CVSS5.9AI score0.00276EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/22 8:22 p.m.12 views

CVE-2025-69285

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.5.0 contain a missing authentication vulnerability in the /api/v1/datasource/uploadExcel endpoint, allowing a remote unauthenticated attacker to upload arbitrary Excel/CSV files and inject data...

8.7CVSS5.8AI score0.00394EPSS
Exploits1References1
NVD
NVD
added 2026/01/21 9:16 p.m.11 views

CVE-2025-69285

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.5.0 contain a missing authentication vulnerability in the /api/v1/datasource/uploadExcel endpoint, allowing a remote unauthenticated attacker to upload arbitrary Excel/CSV files and inject data...

8.7CVSS0.00394EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/01/21 8:5 p.m.6 views

CVE-2025-69285 SQLBot uploadExcel Endpoint has Unauthenticated Arbitrary File Upload vulnerability

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.5.0 contain a missing authentication vulnerability in the /api/v1/datasource/uploadExcel endpoint, allowing a remote unauthenticated attacker to upload arbitrary Excel/CSV files and inject data...

8.7CVSS5.8AI score0.00394EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/01/21 8:5 p.m.20 views

CVE-2025-69285 SQLBot uploadExcel Endpoint has Unauthenticated Arbitrary File Upload vulnerability

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.5.0 contain a missing authentication vulnerability in the /api/v1/datasource/uploadExcel endpoint, allowing a remote unauthenticated attacker to upload arbitrary Excel/CSV files and inject data...

8.7CVSS0.00394EPSS
Exploits1References2
OSV
OSV
added 2026/01/21 8:5 p.m.6 views

CVE-2025-69285 SQLBot uploadExcel Endpoint has Unauthenticated Arbitrary File Upload vulnerability

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.5.0 contain a missing authentication vulnerability in the /api/v1/datasource/uploadExcel endpoint, allowing a remote unauthenticated attacker to upload arbitrary Excel/CSV files and inject data...

8.7CVSS5.9AI score0.00394EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/01/21 8:5 p.m.3 views

CVE-2025-69285

SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.5.0 contain a missing authentication vulnerability in the /api/v1/datasource/uploadExcel endpoint, allowing a remote unauthenticated attacker to upload arbitrary Excel/CSV files and inject data...

8.7CVSS5.5AI score0.00394EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder