4 matches found
EUVD-2026-12397
Stored Cross-Site Scripting (XSS) vulnerability in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/configuracion/agenda/modelo-formulario-evento'. A user with permission to create personalized accounts could exploit this vulnerability simply by creating a malicious survey...
CVE-2026-3022
Non-relational SQL injection (NoSQLi) vulnerability in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/hospitalization/generate-hospitalization-summary'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose o...
CVE-2026-3020: Identity-based authorization bypass vulnerability (IDOR) in the Wakyma web application
Identity-based authorization bypass vulnerability (IDOR) that allows an attacker to modify the data of a legitimate user account, such as changing the victim's email address, validating the new email address, and requesting a new password. This could allow them to take complete control of other...
CVE-2026-3020
CVE-2026-3020 describes an identity-based authorization bypass (IDOR) in the Wakyma web application. The flaw allows an attacker to modify data on a legitimate user account (e.g., changing the victim's email, validating a new email, requesting a password), which could enable taking control of othe...