wegia

179 tracked vulnerabilities.

CVE-2026-40283 MEDIUM
WeGIA has stored XSS in profile_paciente.php
Apr 17, 2026
CVSS 6.8
EPSS 0.00
CVE-2026-35475 MEDIUM
WeGIA - Open Redirect - backup redirection — Unvalidated $_GET['redirect']
Apr 06, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-35474 MEDIUM
WeGIA - Open Redirect - atualizacao redirection - Unvalidated $_GET['redirect']
Apr 06, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-35473 MEDIUM
WeGIA - Open Redirect - IentradaControle - listarId() - Unvalidated $_GET['nextPage']
Apr 06, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-35472 MEDIUM
WeGIA - Open Redirect - EstoqueControle - listarTodos() - Unvalidated $_GET['nextPage']
Apr 06, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-35399 MEDIUM
WeGIA has Stored XSS in backup file names
Apr 06, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-35398 MEDIUM
WeGIA - Open Redirect - OrigemControle - listarTodos() & listarId_Nome() - Unvalidated $_GET['nextPage']
Apr 06, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-35396 MEDIUM
WeGIA - Open Redirect - IsaidaControle - listarId() - Unvalidated $_GET['nextPage']
Apr 06, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-35395 HIGH
WeGIA has a SQL Injection in DespachoDAO.php via id_memorando parameter
Apr 06, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-33991 HIGH
WeGIA has SQL Injection in deletar_tag.php
Mar 27, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-33136 CRITICAL
WeGIA has Reflected Cross-Site Scripting (XSS) in `listar_memorandos_ativos.php` via `sccd` parameter
Mar 20, 2026
CVSS 9.3
EPSS 0.00
CVE-2026-33135 CRITICAL
WeGIA has Reflected Cross-Site Scripting (XSS) in `novo_memorandoo.php` via `sccs` parameter
Mar 20, 2026
CVSS 9.3
EPSS 0.00
CVE-2026-33134 CRITICAL
WeGIA has Authenticated Time-Based Blind SQL Injection in `restaurar_produto.php` via `id_produto` parameter
Mar 20, 2026
CVSS 9.3
EPSS 0.00
CVE-2026-33133 HIGH
WeGIA has an arbitrary SQL execution vulnerability via crafted backup archive
Mar 20, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-31896 CRITICAL
WeGIA < 3.6.6 - Authenticated SQL Injection via remover_produto_ocultar.php
Mar 11, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-31895 HIGH
WeGIA < 3.6.6 - SQL Injection via id_produto Parameter
Mar 11, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-31894 HIGH
WeGIA 3.6.5 - Arbitrary File Read via Unvalidated Symbolic Links in Backup Archive
Mar 11, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-28411 CRITICAL
WeGIA < 3.6.5 - Unauthenticated PHP Variable Overwrite via extract() on $_REQUEST
Feb 27, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-28409 CRITICAL NUCLEI
WeGIA < 3.6.5 - Authenticated Remote Code Execution via Database Restore Filename
Feb 27, 2026
CVSS 10.0
EPSS 0.01
CVE-2026-28408 CRITICAL
WeGIA < 3.6.5 - Unauthenticated Improper Authentication via adicionar_tipo_docs_atendido.php
Feb 27, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-23731 MEDIUM
WeGIA < 3.6.2 - Clickjacking via Missing Frame Protection Headers
Jan 16, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-23730 MEDIUM
WeGIA < 3.6.2 - Open Redirect via nextPage Parameter
Jan 16, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-23729 MEDIUM
WeGIA < 3.6.2 - Open Redirect via nextPage Parameter in control.php
Jan 16, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-23728 MEDIUM
WeGIA < 3.6.2 - Open Redirect via nextPage Parameter
Jan 16, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-23727 MEDIUM
WeGIA < 3.6.2 - Open Redirect via nextPage Parameter in control.php
Jan 16, 2026
CVSS 6.1
EPSS 0.00