Lucene search
+L

1646 matches found

Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-44042

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, when a user logs in, html/login.php hashes the submitted password using PHP's hash function with the SHA-256 algorithm and no salt before comparing it to the stored value. The password change flow in...

5.9CVSS5.8AI score0.00136EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.11 views

WeGIA 安全漏洞

WeGIA is a network manager for a welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.7.3 contained security vulnerabilities. These vulnerabilities stemmed from the use of a salted SHA-256 hash algorithm in login and password change processes, which could lead to rainbow...

5.9CVSS5.8AI score0.00136EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

WeGIA 输入验证错误漏洞

WeGIA is a network manager for welfare institutions developed by Nilson Lazarin as an individual project. Versions of WeGIA prior to 3.7.3 contained a vulnerability related to input validation errors. This vulnerability stemmed from the lack of validation or restrictions on the nextPage parameter...

5.4CVSS5.9AI score0.0015EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.13 views

PT-2026-44043

WeGIA is a web manager for charitable institutions. Prior to 3.7.3, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=InternoControle...

5.4CVSS5.9AI score0.0015EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/13 8:23 p.m.10 views

CVE-2026-42871

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, atendido/familiardocfamiliar.php displays an overly descriptive error message, including database-related details. This verbosity leads to information disclosure, which could assist a potential attacker in mapping the...

6.9CVSS5.8AI score0.00253EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 8:25 p.m.18 views

CVE-2026-45026

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript into the Processo de Aceitação html/atendido/processoaceitacao.php page, which is executed when user access t...

6.8CVSS0.0023EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 8:25 p.m.13 views

CVE-2026-45025

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript into the "Etapas de um Processo" html/atendido/etapaprocesso.php page, which is executed when user access the...

6.8CVSS0.0023EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 8:25 p.m.18 views

CVE-2026-42870

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting XSS flaw was identified at the following endpoint: funcionario/profilefuncionario.php?idfuncionario=2. By injecting a malicious payload into the 'Description' Descrição field and saving t...

6.4CVSS0.00281EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 8:25 p.m.12 views

CVE-2026-42873

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, when attempting to upload a file with malicious content to funcionario/docdependenteupload.php, the application responds with an overly descriptive error message. This leads to information disclosure, effectively...

0.00194EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 7:16 p.m.16 views

CVE-2026-42871

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, atendido/familiardocfamiliar.php displays an overly descriptive error message, including database-related details. This verbosity leads to information disclosure, which could assist a potential attacker in mapping the...

6.9CVSS0.00253EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 6:36 p.m.35 views

CVE-2026-45026 WeGIA: Stored XSS in html/atendido/processo_aceitacao.php

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript into the Processo de Aceitação html/atendido/processoaceitacao.php page, which is executed when user access t...

6.8CVSS0.0023EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/11 6:36 p.m.9 views

CVE-2026-45026 WeGIA: Stored XSS in html/atendido/processo_aceitacao.php

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript into the Processo de Aceitação html/atendido/processoaceitacao.php page, which is executed when user access t...

6.8CVSS5.8AI score0.0023EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 6:36 p.m.9 views

EUVD-2026-29195

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript into the Processo de Aceitação html/atendido/processoaceitacao.php page, which is executed when user access t...

6.8CVSS5.8AI score0.0023EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 6:36 p.m.21 views

CVE-2026-45026

CVE-2026-45026 affects WeGIA web manager (versions

6.8CVSS5.8AI score0.0023EPSS
Exploits0References1
OSV
OSV
added 2026/05/11 6:36 p.m.2 views

CVE-2026-45026 WeGIA: Stored XSS in html/atendido/processo_aceitacao.php

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript into the Processo de Aceitação html/atendido/processoaceitacao.php page, which is executed when user access t...

6.8CVSS6AI score0.0023EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/11 6:35 p.m.36 views

CVE-2026-45025 WeGIA: Stored XSS in html/atendido/etapa_processo.php

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript into the "Etapas de um Processo" html/atendido/etapaprocesso.php page, which is executed when user access the...

6.8CVSS0.0023EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 6:35 p.m.11 views

EUVD-2026-29194

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript into the "Etapas de um Processo" html/atendido/etapaprocesso.php page, which is executed when user access the...

6.8CVSS5.8AI score0.0023EPSS
Exploits0References1
OSV
OSV
added 2026/05/11 6:35 p.m.3 views

CVE-2026-45025 WeGIA: Stored XSS in html/atendido/etapa_processo.php

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript into the "Etapas de um Processo" html/atendido/etapaprocesso.php page, which is executed when user access the...

6.8CVSS6AI score0.0023EPSS
Exploits0References3
CVE
CVE
added 2026/05/11 6:35 p.m.20 views

CVE-2026-45025

WeGIA is affected by a Stored XSS in the html/atendido/etapa_processo.php page prior to version 3.7.3. An authenticated user can inject malicious JavaScript that executes when the page is loaded, enabling session hijacking and potential account takeover. The issue is fixed in version 3.7.3. CVSS ...

6.8CVSS5.8AI score0.0023EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 6:34 p.m.9 views

EUVD-2026-29188

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, when attempting to upload a file with malicious content to funcionario/docdependenteupload.php, the application responds with an overly descriptive error message. This leads to information disclosure, effectively...

5.8AI score0.00194EPSS
Exploits0References1
Rows per page
Query Builder