93 matches found

CVE
added 2026/04/17 8:25 p.m. | 3 views

CVE-2026-40285

WeGIA web manager versions before 3.6.10 are affected by a SQL injection in dao/memorando/UsuarioDAO.php. The flaw stems from the cpf_usuario POST parameter being used to overwrite the session-stored user identity via extract($_REQUEST) in DespachoControle::verificarDespacho(), with the attacker-...

CVSS 8.8 | AI score 5.9 | EPSS 0.00045
Exploits: 0 | References: 1
Vulnrichment
added 2026/04/17 8:25 p.m. | 0 views

CVE-2026-40285 WeGIA has SQL Injection via Session Variable Override in DespachoControle.php

WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection vulnerability in dao/memorando/UsuarioDAO.php. The cpf_usuario POST parameter overwrites the session-stored user identity via extract($_REQUEST) in DespachoControle::verificarDespacho(), and the...

CVSS 8.8 | AI score 5.9 | EPSS 0.00045
Exploits: 0 | References: 1
EUVD
added 2026/04/17 8:25 p.m. | 2 views

EUVD-2026-23529

WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection vulnerability in dao/memorando/UsuarioDAO.php. The cpf_usuario POST parameter overwrites the session-stored user identity via extract($_REQUEST) in DespachoControle::verificarDespacho(), and the...

CVSS 8.8 | AI score 5.9 | EPSS 0.00045
Exploits: 0 | References: 1
CNNVD
added 2026/04/17 12:0 a.m. | 4 views

WeGIA Security Vulnerability

WeGIA is a network manager for the welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.10 contained security vulnerabilities, which were caused by improper handling of the cpf_usuario parameter in the dao/memorando/UsuarioDAO.php file. This improper handling could lead...

CVSS 8.8 | AI score 5.9 | EPSS 0.00045
Exploits: 0 | References: 2
CVE
added 2026/03/06 12:19 p.m. | 5 views

CVE-2018-25174

ABC ERP 0.6.4 is affected by a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to modify administrator credentials by submitting forged requests to _configurar_perfil.php. The exploit can craft requests containing parameters such as usuario, contrasena1, contrasena2, nombr...

CVSS 6.9 | AI score 5.7 | EPSS 0.00031
Exploits: 0 | References: 2
RedhatCVE
added 2026/01/28 9:17 p.m. | 2 views

CVE-2026-1473

An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_usuario' in '/evaluacioncompetenciasevalua.aspx' could allow an attacker to extract...

CVSS 9.3 | AI score 5.8 | EPSS 0.00047
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/28 9:17 p.m. | 3 views

CVE-2026-1478

An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameters 'Id_usuario' and 'Id_evaluacion' in '/evaluacionhcaevalua.aspx' could allow an attacker ...

CVSS 9.3 | AI score 5.8 | EPSS 0.00047
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/28 9:17 p.m. | 4 views

CVE-2026-1474

An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameters 'Id_usuario' and 'Id_evaluacion' in '/evaluacioninicio.aspx' could allow an attacker to...

CVSS 9.3 | AI score 5.8 | EPSS 0.00047
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/28 9:17 p.m. | 2 views

CVE-2026-1483

An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_usuario' in '/evaluacionobjetivosverauto.aspx' could allow an attacker to extract...

CVSS 9.3 | AI score 5.8 | EPSS 0.00047
Exploits: 0 | References: 1
NVD
added 2026/01/27 5:16 p.m. | 3 views

CVE-2026-1477

An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameters 'Id_usuario' and 'Id_evaluacion' in '/evaluacioncompetenciasevaluaold.aspx' could allow ...

CVSS 9.3 | EPSS 0.00047
Exploits: 0 | References: 1
NVD
added 2026/01/27 5:16 p.m. | 4 views

CVE-2026-1481

An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_usuario' in '/evaluacion_objetivos_anyo_sig_ver_auto.aspx' could allow an attacker to...

CVSS 9.3 | EPSS 0.00047
Exploits: 0 | References: 1
NVD
added 2026/01/27 5:16 p.m. | 2 views

CVE-2026-1478

An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameters 'Id_usuario' and 'Id_evaluacion' in '/evaluacionhcaevalua.aspx' could allow an attacker ...

CVSS 9.3 | EPSS 0.00047
Exploits: 0 | References: 1
NVD
added 2026/01/27 5:16 p.m. | 5 views

CVE-2026-1473

An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_usuario' in '/evaluacioncompetenciasevalua.aspx' could allow an attacker to extract...

CVSS 9.3 | EPSS 0.00047
Exploits: 0 | References: 1
Cvelist
added 2026/01/27 4:32 p.m. | 17 views

CVE-2026-1481 Out-of-band SQL injection in Quatuor Performance Evaluation

An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Id_usuario' in '/evaluacion_objetivos_anyo_sig_ver_auto.aspx' could allow an attacker to...

CVSS 9.3 | EPSS 0.00047
Exploits: 0 | References: 1
CVE
added 2026/01/27 4:32 p.m. | 9 views

CVE-2026-1481

CVE-2026-1481 describes an out-of-band SQL injection affecting the Performance Evaluation (EDD) application from Gabinete Técnico de Programación. The vulnerability targets the Id_usuario parameter in /evaluacion_objetivos_anyo_sig_ver_auto.aspx, enabling an attacker to exfiltrate sensitive data ...

CVSS 9.3 | AI score 5.8 | EPSS 0.00047
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2026/01/27 4:31 p.m. | 6 views

CVE-2026-1480

The CVE-2026-1480 entry documents an out-of-band SQL injection in the Performance Evaluation (EDD) application by Gabinete Técnico de Programación. The vulnerability affects the Id_usuario parameter in the /evaluacion_objetivos_anyo_sig_evalua.aspx endpoint, enabling an attacker to exfiltrate sen...

CVSS 9.3 | AI score 5.8 | EPSS 0.00047
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/01/27 4:31 p.m. | 17 views

CVE-2026-1479 Out-of-band SQL injection in Quatuor Performance Evaluation

An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameters 'Id_usuario' and 'Id_evaluacion' in '/evaluacion_hca_ver_auto.asp' could allow an attacker...

CVSS 9.3 | EPSS 0.00047
Exploits: 0 | References: 1
CVE
added 2026/01/27 4:31 p.m. | 10 views

CVE-2026-1479

The CVE-2026-1479 entry describes an out-of-band SQL injection in the Performance Evaluation (EDD) application from Gabinete Técnico de Programación. The vulnerability affects the /evaluacion_hca_ver_auto.asp endpoint, where attacker-controlled values in the Id_usuario and Id_evaluacion parameter...

CVSS 9.3 | AI score 5.8 | EPSS 0.00047
Exploits: 0 | References: 1 | Affected Software: 1
EUVD
added 2026/01/27 4:30 p.m. | 3 views

EUVD-2026-4776

An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameters 'Id_usuario' and 'Id_evaluacion' in '/evaluacionhcaevalua.aspx' could allow an attacker ...

CVSS 9.3 | AI score 5.8 | EPSS 0.00047
Exploits: 0 | References: 1
ATTACKERKB
added 2026/01/27 4:30 p.m. | 3 views

CVE-2026-1478

An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameters 'Id_usuario' and 'Id_evaluacion' in '/evaluacionhcaevalua.aspx' could allow an attacker ...

CVSS 9.3 | AI score 5.8 | EPSS 0.00047
Exploits: 0 | References: 2