EUVD-2026-14891

SQL injection in Solicitante::resetaSenha in esiclivre/esiclivre v0.2.2 and earlier allows unauthenticated remote attackers to gain unauthorized access to sensitive information via the cpfcnpj parameter in /reset/index.php...

CVE-2026-30655

SQL injection in Solicitante::resetaSenha in esiclivre/esiclivre v0.2.2 and earlier allows unauthenticated remote attackers to gain unauthorized access to sensitive information via the cpfcnpj parameter in /reset/index.php...

Pixeon WebLaudos 安全漏洞

Pixeon WebLaudos is an application from Pixeon that allows access to inspection reports issued by the system. A security vulnerability exists in Pixeon WebLaudos version 25.1 that originates from reflective cross-site scripting in the slesSenha parameter of the loginAlterarSenha.asp file, which...

Intelbras UnniTI 安全漏洞

Intelbras UnniTI is a telephone switch from Intelbras, a Brazilian company. A security vulnerability exists in Intelbras UnniTI version 24.07.11, which originates from the incorrect manipulation of the parameter Usuario/Senha in the file /xml/sistema/usuarios.xml, and could lead to improper stora...

EUVD-2025-24465

Malicious code in bioql PyPI...

CVE-2025-55170

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a reflected cross-site scripting XSS vulnerability was identified in the /html/alterarsenha.php endpoint of the WeGIA application. This vulnerability allows attackers t...

CVE-2025-55170 WeGIA reflected XSS via `verificacao` and `redir_config` param at endpoint `/html/alterar_senha.php`

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a reflected cross-site scripting XSS vulnerability was identified in the /html/alterarsenha.php endpoint of the WeGIA application. This vulnerability allows attackers t...

CVE-2025-55170

WeGIA prior to 3.4.8 contains a reflected XSS vulnerability in /html/alterar_senha.php via verificacao and redir_config parameters. The issue is patched in version 3.4.8. Exploitation details are not provided in the connected documents; remediation is to upgrade to 3.4.8 or later.

CVE-2025-55170 WeGIA reflected XSS via `verificacao` and `redir_config` param at endpoint `/html/alterar_senha.php`

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a reflected cross-site scripting XSS vulnerability was identified in the /html/alterarsenha.php endpoint of the WeGIA application. This vulnerability allows attackers t...

CVE-2025-55170 WeGIA reflected XSS via `verificacao` and `redir_config` param at endpoint `/html/alterar_senha.php`

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a reflected cross-site scripting XSS vulnerability was identified in the /html/alterarsenha.php endpoint of the WeGIA application. This vulnerability allows attackers t...

PT-2025-32895 · Wegia · Wegia

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.8 Description: WeGIA is a web manager with a focus on the Portuguese language and charitable institutions. A reflected cross-site scripting XSS vulnerability exists in the /html/alterar senha.php API endpoint...

CVE-2025-2113 AT Software Solutions ATSVD Esqueceu a senha sql injection

A vulnerability was found in AT Software Solutions ATSVD up to 3.4.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Esqueceu a senha. The manipulation of the argument txtCPF leads to sql injection. The attack may be launched remotely. The...

CVE-2025-1643

A vulnerability was found in Benner ModernaNet up to 1.1.0. It has been rated as problematic. This issue affects some unknown processing of the file /DadosPessoais/SGAlterarSenha. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. Upgrading to version 1.1....

PT-2025-7806 · Benner · Benner Modernanet

Name of the Vulnerable Software and Affected Versions: Benner ModernaNet versions up to 1.1.0 Description: A vulnerability was found in the processing of the file /DadosPessoais/SG AlterarSenha, leading to cross-site request forgery. The attack may be initiated remotely. Upgrading to version 1.1....

Allims lab.online 安全漏洞

Allims lab.online is a laboratory online service platform of AIILMS India, which is mainly used to provide customers with access to laboratory analysis results. Allims lab.online has a security vulnerability that originates from the recuperacao parameter of the /model/modelrecuperarsenha.php file...

PT-2025-6108 · Allims · Lab.Online

Name of the Vulnerable Software and Affected Versions: Allims lab.online versions up to 20250201 Description: A critical issue was found in the processing of the file /model/model recuperar senha.php, where the manipulation of the recuperacao argument leads to SQL injection. This issue can be...

CVE-2023-5471

A vulnerability, which was classified as critical, was found in codeprojects Farmacia 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument usario/senha leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to t...

Farmacia SQL Injection Vulnerability

Farmacia is a CMS. Farmacia version 1.0 suffers from a SQL injection vulnerability that stems from the parameter usario/senha in the file index.php that causes sql injection...

CMSUsina 2.2.3 Cross Site Request Forgery

==================================================================================================================================== | Title : CMSUsina V2.2.3 CSRF Add Admin Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.332-bit | |...

Canoas Web Hosting Administration Page Bypass Vulnerability

A security vulnerability exists in the Canoas web hosting administration page. Due to a failure to filter the Login and Senha parameters in the admin/login.php page. This allows an attacker to bypass login restrictions and perform unauthorized operations...