JLSEC-2026-464 Mbed TLS might use cloned PSA random generator states

Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator PRNG...

Fedora 45 : micropython (2026-d619d8d077)

The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d619d8d077 advisory. Automatic update for micropython-1.28.0-1.fc45. Changelog Mon Apr 6 2026 Lumr Balhar - 1.28.0-1 - Update to 1.28.0 - Security fix for CVE-2026-1998 ...

PT-2026-29584

Name of the Vulnerable Software and Affected Versions Mbed TLS versions 3.5.0 through 3.6.5 Description A buffer overflow exists in the x509 inet pton ipv6 function. This issue was addressed in versions 3.6.6 and 4.1.0. Recommendations Update to version 3.6.6 or 4.1.0...

CVE-2026-31896

WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, a critical SQL injection vulnerability exists in the WeGIA application. The removerprodutoocultar.php script uses extract$REQUEST to populate local variables and then directly concatenates these variables into a SQL query...

EUVD-2026-13682

WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the listarmemorandosativos.php endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the sccd GET parameter, which is then directly echoed into...

CVE-2026-33136 WeGIA has Reflected Cross-Site Scripting (XSS) in `listar_memorandos_ativos.php` via `sccd` parameter

WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the listarmemorandosativos.php endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the sccd GET parameter, which is then directly echoed into...

CVE-2026-33136

WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the listarmemorandosativos.php endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the sccd GET parameter, which is then directly echoed into...

CVE-2026-33136

WeGIA Web Manager (versions ≤ 3.6.6) contains a Reflected XSS in listar_memorandos_ativos.php via the sccd parameter, where $_GET['sccd'] is echoed into the HTML without sanitization. This is triggered when $_GET['msg'] equals 'success' and results in an HTML alert containing the attacker-supplie...

EUVD-2026-13680

WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the novomemorandoo.php endpoint. An attacker can inject arbitrary JavaScript into the sccs GET parameter, which is directly echoed into the HTML response without...

CVE-2026-33135

WeGIA is a web manager for charitable institutions. Affected versions: 3.6.6 and earlier. The issue is a Reflected Cross‑Site Scripting (XSS) in the endpoint /html/memorando/novo_memorandoo.php, where the GET parameter sccs is echoed into the HTML response without sanitization when msg equals 'su...

CVE-2026-33135

WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the novomemorandoo.php endpoint. An attacker can inject arbitrary JavaScript into the sccs GET parameter, which is directly echoed into the HTML response without...

CVE-2026-33134

CVE-2026-33134 affects WeGIA web manager (versions 3.6.5 and earlier). The vulnerability is an authenticated SQL injection in the endpoint html/matPat/restaurar_produto.php, where the parameter id_produto is read from $_GET and directly interpolated into two SQL query strings without sanitization...

CVE-2026-33134

WeGIA is a web manager for charitable institutions. Versions 3.6.5 and below contain an authenticated SQL Injection vulnerability in the html/matPat/restaurarproduto.php endpoint. The vulnerability allows an authenticated attacker to inject arbitrary SQL commands via the idproduto GET parameter,...

CVE-2026-33133 WeGIA has an arbitrary SQL execution vulnerability via crafted backup archive

WeGIA is a web manager for charitable institutions. In versions 3.6.5 and 3.6.6, the loadBackupDB function imports SQL files from uploaded backup archives without any content validation. An attacker can craft a backup archive containing arbitrary SQL statements that create rogue administrator...

CVE-2026-33133

WeGIA web manager (versions 3.6.5–3.6.6) is vulnerable due to loadBackupDB() importing SQL from uploaded backup archives without validating content. An attacker can craft a backup archive containing arbitrary SQL statements that create rogue administrator accounts, modify existing passwords, or p...

WeGIA 跨站脚本漏洞

WeGIA is a network manager for the welfare institution developed by Nilson Lazarin. Versions of WeGIA 3.6.6 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from a reflective cross-site scripting vulnerability in the listarmemorandosativos.php endpoint, which...

WeGIA SQL注入漏洞

WeGIA is a network manager for welfare institutions developed by Nilson Lazarin as an individual project. Versions 3.6.5 and 3.6.6 of WeGIA contain SQL injection vulnerabilities. These vulnerabilities stem from a lack of content validation during the loading of SQL files by the loadBackupDB...

CVE-2026-31896 WeGIA has a Time-Based Blind SQL Injection in remover_produto_ocultar.php

WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, a critical SQL injection vulnerability exists in the WeGIA application. The removerprodutoocultar.php script uses extract$REQUEST to populate local variables and then directly concatenates these variables into a SQL query...

CVE-2026-31895 WeGIA has a SQL Injection via Direct Query Interpolation in restaurar_produto.php

WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, WeGIA Web gerenciador para instituições assistenciais contains a SQL injection vulnerability in html/matPat/restaurarproduto.php. The idproduto parameter from $GET is directly interpolated into SQL queries without...

CVE-2026-31895

CVE-2026-31895 affects WeGIA (Web gerenciador para instituições assistenciais). Before version 3.6.6, the file html/matPat/restaurar_produto.php is vulnerable to SQL injection because the id_produto parameter from $_GET is directly interpolated into SQL queries without parameterization or sanitiz...