CVE-2026-40285

WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection vulnerability in dao/memorando/UsuarioDAO.php. The cpfusuario POST parameter overwrites the session-stored user identity via extract$REQUEST in DespachoControle::verificarDespacho, and the...

Tongda OA system has a logic flaw vulnerability

Ltd. is subordinate to China National Weapons Industry Information Center CNWIIC, which is referred to as Tongda Xinke. It is a high-tech team with the main business of collaborative management software development and implementation, service and consulting. Tongda OA system has a logical flaw...