VYPR

Vendor CVEs

LabRedesCefetRJ

All CVEs

166 total · sorted by risk
  • CVE-2025-61606Oct 2, 2025
    risk 0.00cvss epss 0.00

    WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an Open Redirect vulnerability, identified in the control.php endpoint, specifically in the nextPage parameter (metodo=listarUmnomeClasse=FuncionarioControle). This…

  • CVE-2025-61605Oct 2, 2025
    risk 0.00cvss epss 0.00

    WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an SQL Injection vulnerability which was identified in the /pet/profile_pet.php endpoint, specifically in the id_pet parameter. This vulnerability allows attackers to…

  • CVE-2025-61604Oct 2, 2025
    risk 0.00cvss epss 0.00

    WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Cross-Site Request Forgery (CSRF) vulnerability. The delete operation for the Almoxarifado entity is exposed via HTTP GET without CSRF protection, allowing a…

  • CVE-2025-61603Oct 2, 2025
    risk 0.00cvss epss 0.00

    WeGIA is a Web manager for charitable institutions. Versions 3.4.12 and below include an SQL Injection vulnerability which was identified in the /controle/control.php endpoint, specifically in the descricao parameter. This vulnerability allows attackers to execute arbitrary SQL…

  • CVE-2025-59939Sep 27, 2025
    risk 0.00cvss epss 0.00

    WeGIA is a Web manager for charitable institutions. Prior to version 3.5.0, WeGIA is vulnerable to SQL Injection attacks in the control.php endpoint with the following parameters: nomeClasse=ProdutoControle&metodo=excluir&id_produto=[malicious command]. It is necessary to apply…

  • CVE-2025-58745Sep 8, 2025
    risk 0.00cvss epss 0.01

    WeGIA is a Web manager for charitable institutions. The fix for CVE-2025-22133 was not enough to remediate the arbitrary file upload vulnerability. The WeGIA only check MIME types for Excel files at endpoint `/html/socio/sistema/controller/controla_xlsx.php`, which can be…

  • CVE-2025-58454Sep 8, 2025
    risk 0.00cvss epss 0.00

    WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in WeGIA versions 3.4.10 and prior inthe endpoint /WeGIA/html/memorando/listar_despachos.php, in the id_memorando parameter. This vulnerability allow an authorized attacker to…

  • CVE-2025-58453Sep 8, 2025
    risk 0.00cvss epss 0.00

    WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in WeGIA versions 3.4.10 and prior in the endpoint /WeGIA/html/memorando/exibe_anexo.php, in the id_anexo parameter. This vulnerability allow an authorized attacker to execute…

  • CVE-2025-58452Sep 8, 2025
    risk 0.00cvss epss 0.00

    WeGIA is a Web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the listar_despachos.php endpoint of the WeGIA application prior to version 3.4.11. This vulnerability allows attackers to inject malicious scripts in the…

  • CVE-2025-58159Aug 29, 2025
    risk 0.00cvss epss 0.01

    WeGIA is a Web manager for charitable institutions. Prior to version 3.4.11, a remote code execution vulnerability was identified, caused by improper validation of uploaded files. The application allows an attacker to upload files with arbitrary filenames, including those with a…

  • CVE-2025-57765Aug 21, 2025
    risk 0.00cvss epss 0.00

    WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in the pre_cadastro_adotante.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the…

  • CVE-2025-57764Aug 21, 2025
    risk 0.00cvss epss 0.00

    WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in the cargos.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_e parameter.…

  • CVE-2025-57763Aug 21, 2025
    risk 0.00cvss epss 0.00

    WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, there is a Reflected Cross-Site Scripting (XSS) vulnerability in the insere_despacho.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the cpf sccs. This…

  • CVE-2025-57762Aug 21, 2025
    risk 0.00cvss epss 0.00

    WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, there is a Stored Cross-Site Scripting (XSS) vulnerability in the dependente_docdependente.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the nome…

  • CVE-2025-57761Aug 21, 2025
    risk 0.00cvss epss 0.00

    WeGIA is a Web manager for charitable institutions. Prior to 3.4.10, there is a SQL Injection vulnerability in the /html/funcionario/dependente_remover.php endpoint, specifically in the id_funcionario parameter. This vulnerability allows attackers to execute arbitrary SQL…

  • CVE-2025-55171Aug 12, 2025
    risk 0.00cvss epss 0.01

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, the application does not check authentication at endpoint /html/personalizacao_remover.php allowing anonymous attacker (without login) to delete any…

  • CVE-2025-55170Aug 12, 2025
    risk 0.00cvss epss 0.00

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a reflected cross-site scripting (XSS) vulnerability was identified in the /html/alterar_senha.php endpoint of the WeGIA application. This…

  • CVE-2025-55169Aug 12, 2025
    risk 0.00cvss epss 0.01

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a path traversal vulnerability was discovered in the WeGIA application, html/socio/sistema/download_remessa.php endpoint. This vulnerability could…

  • CVE-2025-55168Aug 12, 2025
    risk 0.00cvss epss 0.00

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vulnerability was identified in the /html/saude/aplicar_medicamento.php endpoint, specifically in the id_fichamedica parameter. This…

  • CVE-2025-55167Aug 12, 2025
    risk 0.00cvss epss 0.00

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_remover.php endpoint, specifically in the id_dependente parameter.…

  • CVE-2025-54079Jul 18, 2025
    risk 0.00cvss epss 0.00

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the endpoint `/html/atendido/Profile_Atendido.php`, in the `idatendido` parameter. This…

  • CVE-2025-54078Jul 18, 2025
    risk 0.00cvss epss 0.00

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.4.6 in the `personalizacao_imagem.php` endpoint of the WeGIA application. This…

  • CVE-2025-54077Jul 18, 2025
    risk 0.00cvss epss 0.00

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.4.6 in the `personalizacao.php` endpoint of the WeGIA application. This…

  • CVE-2025-54076Jul 18, 2025
    risk 0.00cvss epss 0.00

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.4.6 in the `pre_cadastro_atendido.php` endpoint of the WeGIA application. This…

  • CVE-2025-54062Jul 17, 2025
    risk 0.00cvss epss 0.00

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the `/html/funcionario/profile_dependente.php` endpoint, specifically in…

  • CVE-2025-54061Jul 17, 2025
    risk 0.00cvss epss 0.00

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the `idatendido_familiares` parameter of the `/html/funcionario/dependente_editarDoc.php` endpoin…

  • CVE-2025-54060Jul 17, 2025
    risk 0.00cvss epss 0.00

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the `idatendido_familiares` parameter of the `/html/funcionario/dependente_editarInfoPessoal.php`�…

  • CVE-2025-54058Jul 17, 2025
    risk 0.00cvss epss 0.00

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the `idatendido_familiares` parameter of the `/html/funcionario/dependente_editarEndereco.php` en…

  • CVE-2025-53946Jul 17, 2025
    risk 0.00cvss epss 0.00

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.5 in the `id_funcionario` parameter of the `/html/saude/profile_paciente.php` endpoint. This…

  • CVE-2025-53938Jul 16, 2025
    risk 0.00cvss epss 0.01

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Authentication Bypass vulnerability was identified in the `/dao/verificar_recursos_cargo.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability…

  • CVE-2025-53937Jul 16, 2025
    risk 0.00cvss epss 0.00

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the `/controle/control.php` endpoint, specifically in the `cargo` parameter, of WeGIA prior to version 3.4.5. This…

  • CVE-2025-53936Jul 16, 2025
    risk 0.00cvss epss 0.00

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `personalizacao_selecao.php` endpoint of the WeGIA application prior to version 3.4.5. This…

  • CVE-2025-53935Jul 16, 2025
    risk 0.00cvss epss 0.00

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `personalizacao_selecao.php` endpoint of the WeGIA application prior to version 3.4.5. This…

  • CVE-2025-53934Jul 16, 2025
    risk 0.00cvss epss 0.00

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `control.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows…

  • CVE-2025-53933Jul 16, 2025
    risk 0.00cvss epss 0.00

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_enfermidade.php` endpoint of the WeGIA application prior to version 3.4.5. This…

  • CVE-2025-53932Jul 16, 2025
    risk 0.00cvss epss 0.00

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `cadastro_adotante.php` endpoint of the WeGIA application prior to version 3.4.5. This…

  • CVE-2025-53931Jul 16, 2025
    risk 0.00cvss epss 0.00

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_raca.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability…

  • CVE-2025-53930Jul 16, 2025
    risk 0.00cvss epss 0.00

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_especie.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability…

  • CVE-2025-53929Jul 16, 2025
    risk 0.00cvss epss 0.00

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_cor.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability…

  • CVE-2025-53824Jul 14, 2025
    risk 0.00cvss epss 0.00

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the editar_permissoes.php endpoint of the WeGIA application prior to version 3.4.4. This vulnerability…

  • CVE-2025-53823Jul 14, 2025
    risk 0.00cvss epss 0.00

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Versions prior to 3.4.5 have a SQL Injection vulnerability in the endpoint `/WeGIA/html/socio/sistema/processa_deletar_socio.php`, in the `id_socio` parameter. This…

  • CVE-2025-53822Jul 14, 2025
    risk 0.00cvss epss 0.00

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `relatorio_geracao.php` endpoint of the WeGIA application prior to version 3.4.5. This…

  • CVE-2025-53821Jul 14, 2025
    risk 0.00cvss epss 0.00

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Open Redirect vulnerability exists in the web application prior to version 3.4.5. The control.php endpoint allows to specify an arbitrary URL via the `nextPage` parameter,…

  • CVE-2025-53820Jul 14, 2025
    risk 0.00cvss epss 0.00

    WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `index.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows…

  • CVE-2025-53531Jul 7, 2025
    risk 0.00cvss epss 0.00

    WeGIA is a web manager for charitable institutions. The Wegia server has a vulnerability that allows excessively long HTTP GET requests to a specific URL. This issue arises from the lack of validation for the length of the fid parameter. Tests confirmed that the server processes…

  • CVE-2025-53530Jul 7, 2025
    risk 0.00cvss epss 0.00

    WeGIA is a web manager for charitable institutions. The Wegia server has a vulnerability that allows excessively long HTTP GET requests to a specific URL. This issue arises from the lack of validation for the length of the errorstr parameter. Tests confirmed that the server…

  • CVE-2025-53529Jul 7, 2025
    risk 0.00cvss epss 0.00

    WeGIA is a web manager for charitable institutions. An SQL Injection vulnerability was identified in the /html/funcionario/profile_funcionario.php endpoint. The id_funcionario parameter is not properly sanitized or validated before being used in a SQL query, allowing an…

  • CVE-2025-53527Jul 7, 2025
    risk 0.00cvss epss 0.00

    WeGIA is a web manager for charitable institutions. A Time-Based Blind SQL Injection vulnerability was discovered in the almox parameter of the /controle/relatorio_geracao.php endpoint. This issue allows attacker to inject arbitrary SQL queries, potentially leading to…

  • CVE-2025-53526Jul 7, 2025
    risk 0.00cvss epss 0.00

    WeGIA is a web manager for charitable institutions. An XSS Injection vulnerability was identified in novo_memorando.php. After the memo was submitted, the vulnerability was confirmed by accessing listar_memorandos_antigos.php. Upon loading this page, the injected script was…

  • CVE-2025-53525Jul 7, 2025
    risk 0.00cvss epss 0.00

    WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the profile_familiar.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the id_dependente parameter.…