4.8

CVSS4.0

CVE-2026-23727 - WeGIA has an Open Redirect Vulnerability in control.php Endpoint via nextPage Parameter (metodo=lis…

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=TipoSaidaControle.…

📅 Published: Jan. 16, 2026, 7:41 p.m. 🔄 Last Modified: Jan. 19, 2026, 9:19 a.m.

4.8

CVSS4.0

CVE-2026-23726 - WeGIA has an Open Redirect Vulnerability in control.php Endpoint via nextPage Parameter (metodo=lis…

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=TipoEntradaControl…

📅 Published: Jan. 16, 2026, 7:40 p.m. 🔄 Last Modified: Jan. 19, 2026, 9:19 a.m.

5.3

CVSS4.0

CVE-2026-23725 - WeGIA Stored Cross-Site Scripting (XSS) – nome Parameter on Adopters Information Page

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the html/pet/adotantes/cadastro_adotante.php and html/pet/adotantes/informacao_adotantes.php endpoints of the WeGIA application. The application does not sanitize u…

📅 Published: Jan. 16, 2026, 7:38 p.m. 🔄 Last Modified: Jan. 19, 2026, 9:19 a.m.

4.3

CVSS3.1

CVE-2026-23724 - WeGIA Stored Cross-Site Scripting (XSS) – atendido_idatendido Parameter on Occurrence Registration …

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the html/atendido/cadastro_ocorrencia.php endpoint of the WeGIA application. The application does not sanitize user-controlled data before rendering it inside the …

📅 Published: Jan. 16, 2026, 7:37 p.m. 🔄 Last Modified: Jan. 19, 2026, 9:20 a.m.

9.1

CVSS3.1

CVE-2026-23722 - WeGIA has a Reflected Cross-Site Scripting (XSS) vulnerability allowing arbitrary code execution an…

WeGIA is a Web Manager for Charitable Institutions. Prior to 3.6.2, a Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the WeGIA system, specifically within the html/memorando/insere_despacho.php file. The application fails to properly sanitize or encode user-supplied input via …

📅 Published: Jan. 16, 2026, 7:29 p.m. 🔄 Last Modified: Jan. 19, 2026, 9:20 a.m.

7.2

CVSS3.1

CVE-2026-23723 - WeGIA has a Critical SQL Injection in Atendido_ocorrenciaControle via id_memorando parameter

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, an authenticated SQL Injection vulnerability was identified in the Atendido_ocorrenciaControle endpoint via the id_memorando parameter. This flaw allows for full database exfiltration, exposure of sensitive PII, and potential arbit…

📅 Published: Jan. 16, 2026, 7:27 p.m. 🔄 Last Modified: Jan. 19, 2026, 9:20 a.m.

5.3

CVSS4.0

CVE-2026-23645 - SiYuan Vulnerable to Stored Cross-Site Scripting (XSS) via Unrestricted SVG File Upload

SiYuan is self-hosted, open source personal knowledge management software. Prior to 3.5.4-dev2, a Stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan Note. The application does not sanitize uploaded SVG files. If a user uploads and views a malicious SVG file (e.g., imported from an unt…

📅 Published: Jan. 16, 2026, 7:20 p.m. 🔄 Last Modified: Jan. 19, 2026, 9:20 a.m.

0

CVSS3.1

CVE-2026-23634 - Pepr Overly Permissive RBAC ClusterRole in Admin Mode

Pepr is a type safe K8s middleware. Prior to 1.0.5, Pepr defaults to a cluster-admin RBAC configuration and does not explicitly force or enforce least-privilege guidance for module authors. The default behavior exists to make the “getting started” experience smooth: new users can experiment with P…

📅 Published: Jan. 16, 2026, 7:14 p.m. 🔄 Last Modified: Jan. 19, 2026, 9:20 a.m.

8.5

CVSS4.0

CVE-2021-47847 - Disk Sorter Server 13.6.12 - 'Disk Sorter Server' Unquoted Service Path

Disk Sorter Server 13.6.12 contains an unquoted service path vulnerability in its binary path configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Disk Sorter Server\bin\disksrs.exe' to inject malicious executa…

📅 Published: Jan. 16, 2026, 7:09 p.m. 🔄 Last Modified: Jan. 19, 2026, 9:20 a.m.

8.5

CVSS4.0

CVE-2021-47845 - Spy Emergency 25.0.650 - Unquoted Service Path

Spy Emergency 25.0.650 contains an unquoted service path vulnerability in its Windows service configurations that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted file paths in SpyEmergencyHealth.exe and SpyEmergencySrv.exe to inject malicious code…

📅 Published: Jan. 16, 2026, 7:09 p.m. 🔄 Last Modified: Jan. 19, 2026, 9:20 a.m.