CVE-2026-35398

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos & listarIdNome and...

WeGIA 跨站脚本漏洞

WeGIA is a network manager for welfare institutions developed by Nilson Lazarin as an individual project. Versions of WeGIA prior to 3.6.9 contained a cross-site scripting vulnerability. This vulnerability stemmed from the ability for malicious scripts to be injected into backup file names,...

WeGIA 输入验证错误漏洞

WeGIA is a network manager for welfare institutions developed by Nilson Lazarin as an individual project. Versions of WeGIA prior to 3.6.9 contained a vulnerability related to input validation errors. This vulnerability stemmed from the lack of URL validation or allowlist checks, which could lead...

DCMTK 安全漏洞

DCMTK is a collection of libraries and applications that implement most of the DICOM standards from the DCMTK open source. Software for inspecting, building, and converting DICOM image files, processing offline media, sending and receiving images over a network connection, and demonstrating image...

PT-2022-22047 · WordPress · Import Any Xml/Csv File To Wordpress

Name of the Vulnerable Software and Affected Versions: Import any XML or CSV File to WordPress plugin versions prior to 3.6.9 Description: The issue arises from the plugin not properly filtering allowed file extensions for import on the server. This could allow administrators in multi-site...