5.3

CVSS4.0

CVE-2025-62359 - WeGIA Cross-Site Scripting (XSS) Reflected endpoint id_pet

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.0, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in the /pet/profile_pet.php?id_pet= endpoint of the WeGIA application. This vulnerability allows attackers to inject maโ€ฆ

๐Ÿ“… Published: Oct. 13, 2025, 9:21 p.m. ๐Ÿ”„ Last Modified: Oct. 21, 2025, 1:10 p.m.

5.4

CVSS3.1

CVE-2025-62358 - WeGIA Reflected XSS to Account TakeOver at /html/configuracao/configuracao_geral.php via log parameโ€ฆ

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, the log parameter in configuracao_geral.php is vulnerable to Reflected Cross-Site Scripting (XSS). An attacker can inject arbitrary JavaScript, which executes in the victimโ€™s browser. Thiโ€ฆ

๐Ÿ“… Published: Oct. 13, 2025, 9:16 p.m. ๐Ÿ”„ Last Modified: Oct. 21, 2025, 1:10 p.m.

8.6

CVSS4.0

CVE-2025-62179 - WeGIA SQL Injection via 'cpf' param at endpoint `/html/funcionario/cadastro_funcionario_pessoa_exisโ€ฆ

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/cadastro_funcionario_pessoa_existente.php endpoint, specifically in the cpf parameter. This vulnerability allows attaโ€ฆ

๐Ÿ“… Published: Oct. 13, 2025, 9:13 p.m. ๐Ÿ”„ Last Modified: Oct. 21, 2025, 1:10 p.m.

6.5

CVSS3.1

CVE-2025-62384 -

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.

๐Ÿ“… Published: Oct. 13, 2025, 9:13 p.m. ๐Ÿ”„ Last Modified: Feb. 10, 2026, 6:16 p.m.

6.5

CVSS3.1

CVE-2025-62386 -

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.

๐Ÿ“… Published: Oct. 13, 2025, 9:12 p.m. ๐Ÿ”„ Last Modified: Feb. 10, 2026, 6:16 p.m.

6.5

CVSS3.1

CVE-2025-62383 -

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.

๐Ÿ“… Published: Oct. 13, 2025, 9:12 p.m. ๐Ÿ”„ Last Modified: Feb. 10, 2026, 6:16 p.m.

6.5

CVSS3.1

CVE-2025-62391 -

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.

๐Ÿ“… Published: Oct. 13, 2025, 9:12 p.m. ๐Ÿ”„ Last Modified: Feb. 10, 2026, 6:16 p.m.

3.5

CVSS3.1

CVE-2025-62178 - WeGIA Cross-Site Scripting (XSS) Reflected endpoint '/html/atendido/cadastro_atendido_parentesco_peโ€ฆ

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in the /html/atendido/cadastro_atendido_parentesco_pessoa_nova.php endpoint of the WeGIA application. This vulnerabilitโ€ฆ

๐Ÿ“… Published: Oct. 13, 2025, 9:12 p.m. ๐Ÿ”„ Last Modified: Oct. 21, 2025, 1:10 p.m.

6.5

CVSS3.1

CVE-2025-62385 -

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.

๐Ÿ“… Published: Oct. 13, 2025, 9:12 p.m. ๐Ÿ”„ Last Modified: Feb. 10, 2026, 6:16 p.m.

6.5

CVSS3.1

CVE-2025-62387 -

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database.

๐Ÿ“… Published: Oct. 13, 2025, 9:11 p.m. ๐Ÿ”„ Last Modified: Feb. 10, 2026, 6:16 p.m.
Total resulsts: 349182
Page 3456 of 34,919
ยซ previous page ยป next page
Filters