Lucene search
+L

1646 matches found

CNNVD
CNNVD
added 2026/04/17 12:0 a.m.11 views

WeGIA 安全漏洞

WeGIA is a network manager for the welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.10 contained security vulnerabilities, which were caused by improper handling of the cpfusuario parameter in the dao/memorando/UsuarioDAO.php file. This improper handling could lead...

8.8CVSS5.9AI score0.00266EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.13 views

WeGIA 安全漏洞

WeGIA is a network manager for a welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.10 contained security vulnerabilities. These vulnerabilities were due to susceptibility to stored-xss attacks, which could allow authenticated users to inject malicious JavaScript...

6.8CVSS5.9AI score0.0023EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.6 views

CVE-2026-35472

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=EstoqueControle...

6.1CVSS6AI score0.00224EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.7 views

CVE-2026-35474

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, open redirect has been found in WeGIA webapp. The redirect parameter is taken directly from $GET with no URL validation or whitelist check, then used verbatim in a header"Location: ..." call. This vulnerability is fixed in 3.6.9...

6.1CVSS5.8AI score0.00183EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.3 views

CVE-2026-35398

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos & listarIdNome and...

6.1CVSS6AI score0.00228EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.6 views

CVE-2026-35399

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a stored XSS vulnerability allows an attacker to inject malicious scripts through a backup filename. This could lead to unauthorized execution of malicious code in the victim's browser, compromising session data or executing...

8.5CVSS6.1AI score0.00288EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.6 views

CVE-2026-35475

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, the redirect parameter is taken directly from $GET with no URL validation or whitelist check, then used verbatim in a header"Location: ..." call. This vulnerability is fixed in 3.6.9...

6.1CVSS5.9AI score0.00186EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.6 views

CVE-2026-35395

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA Web gerenciador para instituições assistenciais contains a SQL injection vulnerability in dao/memorando/DespachoDAO.php. The idmemorando parameter is extracted from $REQUEST without validation and directly interpolated into...

8.8CVSS6.2AI score0.00392EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.8 views

CVE-2026-35473

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarId and nomeClasse=IentradaControle. T...

6.1CVSS6AI score0.00183EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.5 views

CVE-2026-35396

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarId and nomeClasse=IsaidaControle. The...

6.1CVSS6AI score0.00224EPSS
Exploits1References1
NVD
NVD
added 2026/04/06 10:16 p.m.5 views

CVE-2026-35474

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, open redirect has been found in WeGIA webapp. The redirect parameter is taken directly from $GET with no URL validation or whitelist check, then used verbatim in a header"Location: ..." call. This vulnerability is fixed in 3.6.9...

6.1CVSS0.00183EPSS
Exploits1References1
NVD
NVD
added 2026/04/06 10:16 p.m.4 views

CVE-2026-35473

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarId and nomeClasse=IentradaControle. T...

6.1CVSS0.00183EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/06 9:17 p.m.2 views

CVE-2026-35475

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, the redirect parameter is taken directly from $GET with no URL validation or whitelist check, then used verbatim in a header"Location: ..." call. This vulnerability is fixed in 3.6.9...

5.1CVSS5.9AI score0.00186EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/06 9:17 p.m.3 views

CVE-2026-35475 WeGIA - Open Redirect - backup redirection — Unvalidated $_GET['redirect']

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, the redirect parameter is taken directly from $GET with no URL validation or whitelist check, then used verbatim in a header"Location: ..." call. This vulnerability is fixed in 3.6.9...

5.1CVSS5.9AI score0.00186EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/06 9:17 p.m.5 views

EUVD-2026-19510

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, the redirect parameter is taken directly from $GET with no URL validation or whitelist check, then used verbatim in a header"Location: ..." call. This vulnerability is fixed in 3.6.9...

5.1CVSS5.9AI score0.00186EPSS
Exploits1References1
CVE
CVE
added 2026/04/06 9:17 p.m.11 views

CVE-2026-35475

WeGIA (Web manager for charitable institutions) suffers an open redirect vulnerability prior to version 3.6.9. The redirect parameter is read directly from $_GET with no URL validation or whitelist, and is then used verbatim in a Location header, enabling potential redirection abuse. This is miti...

6.1CVSS5.9AI score0.00186EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/04/06 9:17 p.m.17 views

CVE-2026-35475 WeGIA - Open Redirect - backup redirection — Unvalidated $_GET['redirect']

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, the redirect parameter is taken directly from $GET with no URL validation or whitelist check, then used verbatim in a header"Location: ..." call. This vulnerability is fixed in 3.6.9...

5.1CVSS0.00186EPSS
Exploits1References1
OSV
OSV
added 2026/04/06 9:17 p.m.2 views

CVE-2026-35475 WeGIA - Open Redirect - backup redirection — Unvalidated $_GET['redirect']

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, the redirect parameter is taken directly from $GET with no URL validation or whitelist check, then used verbatim in a header"Location: ..." call. This vulnerability is fixed in 3.6.9...

5.1CVSS5.9AI score0.00186EPSS
Exploits1References3
NVD
NVD
added 2026/04/06 9:16 p.m.5 views

CVE-2026-35398

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos & listarIdNome and...

6.1CVSS0.00228EPSS
Exploits1References1
NVD
NVD
added 2026/04/06 9:16 p.m.5 views

CVE-2026-35399

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a stored XSS vulnerability allows an attacker to inject malicious scripts through a backup filename. This could lead to unauthorized execution of malicious code in the victim's browser, compromising session data or executing...

8.5CVSS0.00288EPSS
Exploits1References1
Rows per page
Query Builder