CVE-2026-28408

WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, the script in adicionartipodocsatendido.php does not go through the project's central controller and does not have its own authentication and permission checks. A malicious user could make a request through tools like...

PT-2026-22411

Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.6.5 Description WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, the adicionar tipo docs atendido.php script does not utilize the project’s central controller and lacks appropriate...

Siemens SiPass Integrated 输入验证错误漏洞

ACC-AP Advanced Central Controller is a door controller for up to two Internet/Intranet-connected doors used to communicate with the SiPass integrated access control system. AC5102 / ACC-G2 Advanced Central Controller is the central controller for the SiPass integrated The central controller for...

Prima Systems FlexAir Script Upload Execution Vulnerability

Prima Systems FlexAir is an access control system from Prima Systems in Slovenia. A security vulnerability in Prima Systems FlexAir when configuring the main central controller allows remote attackers to exploit the vulnerability by submitting a special Python script request that can execute...

sdnpwn - An SDN Penetration Testing Toolkit

The Open Networking Foundation defines SDN as “The physical separation of the network control plane from the forwarding plane, and where a control plane controls several devices”. What this means is that the decision making which would traditionally be performed by a router or a switch i.e...

OrangeHRM 2.6.11 - libcontrollersCentralController.php URI Cross-Site Scripting

OrangeHRM 2.6.11 - libcontrollersCentralController.php URI Cross-Site Scripting source: https://www.securityfocus.com/bid/50857/info OrangeHRM is prone to an SQL-injection and multiple cross-site scripting vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal...