Security Vulnerabilities
Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-10-03
Delta Electronics DIAScreen lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-10-03
WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an SQL Injection vulnerability which was identified in the /pet/profile_pet.php endpoint, specifically in the id_pet parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This issue is fixed in version 3.5.0.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-10-02
WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an Open Redirect vulnerability, identified in the control.php endpoint, specifically in the nextPage parameter (metodo=listarUmnomeClasse=FuncionarioControle). This vulnerability allows attackers to redirect users to arbitrary external domains, enabling phishing campaigns, malicious payload distribution, or user credential theft. This issue is fixed in version 3.5.0.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-10-02
WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Broken Access Control vulnerability, identified in the get_relatorios_socios.php endpoint. This vulnerability allows unauthenticated attackers to directly access sensitive personal and financial information of members without requiring authentication or authorization. This issue is fixed in version 3.5.0.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-10-02
CVE-2025-54088 is an open-redirect vulnerability in Secure
Access prior to version 14.10. Attackers with access to the console can
redirect victims to an arbitrary URL. The attack complexity is low, attack
requirements are present, no privileges are required, and users must actively
participate in the attack. Impact to confidentiality is low and there is no
impact to integrity or availability. There are high severity impacts to
confidentiality, integrity, availability in subsequent systems.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-10-02
CVE-2025-54089 is a cross-site scripting vulnerability in versions
of secure access prior to 14.10. Attackers with administrative access to the
console can interfere with another administrator’s access to the console. The
attack complexity is low; there are no attack requirements. Privileges required
to execute the attack are high and the victim must actively participate in the
attack sequence. There is no impact to confidentiality or availability, there
is a low impact to integrity.
CVSS Score
3.4
EPSS Score
0.0
Published
2025-10-02
WeGIA is a Web manager for charitable institutions. Versions 3.4.12 and below include an SQL Injection vulnerability which was identified in the /controle/control.php endpoint, specifically in the descricao parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This issue is fixed in version 3.5.0.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-10-02
WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Cross-Site Request Forgery (CSRF) vulnerability. The delete operation for the Almoxarifado entity is exposed via HTTP GET without CSRF protection, allowing a third-party site to trigger the action using the victim’s authenticated session. This issue is fixed in version 3.5.0.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-10-02
CVE-2025-54086 is an excess permissions vulnerability in the
Warehouse component of Absolute Secure Access prior to version 14.10. Attackers
with access to the local file system can read the Java keystore file. The
attack complexity is low, there are no attack requirements, the privileges
required are low and no user interaction is required. Impact to confidentiality
is low, there is no impact to integrity or availability.
CVSS Score
3.3
EPSS Score
0.0
Published
2025-10-02