{"vulnerability": "cve-2025-2661", "sightings": [{"uuid": "db6905be-ff7f-49fe-8f40-c62d9334f60a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26610", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lii6nisrzx2p", "content": "", "creation_timestamp": "2025-02-18T21:16:20.374483Z"}, {"uuid": "edcc7e9a-7a5d-4829-8557-2bfa6fdfea6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2661", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ll3ibwfavj2m", "content": "", "creation_timestamp": "2025-03-24T00:19:48.920416Z"}, {"uuid": "7323c351-c207-4c71-9f09-8e40302db935", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26615", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3lijq2256qb2z", "content": "", "creation_timestamp": "2025-02-19T12:00:16.698884Z"}, {"uuid": "2b7f620d-d265-47dd-bdc2-1d2e1080735f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26612", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lii6noc5gs2k", "content": "", "creation_timestamp": "2025-02-18T21:16:25.986458Z"}, {"uuid": "05b7561f-2c3f-419b-9ea6-a6d3e1325a5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26613", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lii6nrorcd2g", "content": "", "creation_timestamp": "2025-02-18T21:16:29.457916Z"}, {"uuid": "d9d5b49a-be41-42bd-8b95-7c271357aafe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26614", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lii6nusvw52y", "content": "", "creation_timestamp": "2025-02-18T21:16:33.091797Z"}, {"uuid": "549cae3b-08d5-44f3-9237-54502c6b0799", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26615", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lii6nxtd6o2o", "content": "", "creation_timestamp": "2025-02-18T21:16:35.855389Z"}, {"uuid": "ebbe2a8c-fccc-4e73-a3e5-ac4d9d277494", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26616", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lii6o3h4wy2y", "content": "", "creation_timestamp": "2025-02-18T21:16:39.650225Z"}, {"uuid": "86c60b10-e2b1-4f7d-b919-eee9f9391f96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26617", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lii6o6gshf2y", "content": "", "creation_timestamp": "2025-02-18T21:16:42.898078Z"}, {"uuid": "33d7a20b-6369-4df6-ad43-3a9a2dac1994", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26615", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114027325840955658", "content": "", "creation_timestamp": "2025-02-18T22:48:33.103824Z"}, {"uuid": "b19a3834-7a45-4640-bff1-5ce83154ffbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26616", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3liihlph2w422", "content": "", "creation_timestamp": "2025-02-18T23:56:23.773254Z"}, {"uuid": "2f885cca-d783-4db3-bc0d-c477640b3e27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26611", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3liihlq25gn2v", "content": "", "creation_timestamp": "2025-02-18T23:56:25.823658Z"}, {"uuid": "f13c1fe0-2a81-45bd-9ec8-b7c63bf19f07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26610", "type": "seen", "source": "MISP/9ca82492-7deb-4197-a6f1-191e121eef96", "content": "", "creation_timestamp": "2025-08-25T13:32:05.000000Z"}, {"uuid": "e7b2a3f0-5c17-405e-a633-444b6f9c8f21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26615", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3likychqrfk2k", "content": "", "creation_timestamp": "2025-02-20T00:00:49.326306Z"}, {"uuid": "71113cfa-8888-4418-a35a-28b883e31dcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26615", "type": "seen", "source": "MISP/9ca82492-7deb-4197-a6f1-191e121eef96", "content": "", "creation_timestamp": "2025-08-25T13:32:06.000000Z"}, {"uuid": "16c7cf3a-49bb-4ebe-b108-6b3a20cb8c7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26612", "type": "seen", "source": "MISP/9ca82492-7deb-4197-a6f1-191e121eef96", "content": "", "creation_timestamp": "2025-08-25T13:32:06.000000Z"}, {"uuid": "c4c0b6ee-fd0a-42c2-90a8-4eb5ad2394ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26613", "type": "seen", "source": "MISP/9ca82492-7deb-4197-a6f1-191e121eef96", "content": "", "creation_timestamp": "2025-08-25T13:32:05.000000Z"}, {"uuid": "d71ff124-130d-408f-8418-b5d8a267d463", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26617", "type": "seen", "source": "MISP/9ca82492-7deb-4197-a6f1-191e121eef96", "content": "", "creation_timestamp": "2025-08-25T13:32:05.000000Z"}, {"uuid": "858994dd-2e6b-433e-9158-534de3957749", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26611", "type": "seen", "source": "MISP/9ca82492-7deb-4197-a6f1-191e121eef96", "content": "", "creation_timestamp": "2025-08-25T13:32:05.000000Z"}, {"uuid": "8325ff3f-3bc1-46b8-8484-2e4daec5048a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26615", "type": "seen", "source": "https://t.me/cvedetector/18365", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26615 - WeGIA Path Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26615 \nPublished : Feb. 18, 2025, 9:15 p.m. | 47\u00a0minutes ago \nDescription : WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Path Traversal vulnerability was discovered in the WeGIA application, `examples.php` endpoint. This vulnerability could allow an attacker to gain unauthorized access to sensitive information stored in `config.php`. `config.php` contains information that could allow direct access to the database. This issue has been addressed in version 3.2.14 and all users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 10.0 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T23:30:24.000000Z"}, {"uuid": "7c870ca3-048a-4deb-a842-71188865f3d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26616", "type": "seen", "source": "MISP/71f05cce-2beb-4b80-8496-bbbabc032544", "content": "", "creation_timestamp": "2025-08-25T18:31:43.000000Z"}, {"uuid": "60c3c13b-8a3d-49f1-a9fe-ba8663a4ea4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26614", "type": "seen", "source": "MISP/71f05cce-2beb-4b80-8496-bbbabc032544", "content": "", "creation_timestamp": "2025-08-25T18:31:43.000000Z"}, {"uuid": "8efbaede-427c-4906-9b64-efbce40c8eb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26614", "type": "seen", "source": "https://t.me/cvedetector/18364", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26614 - WeGIA SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2025-26614 \nPublished : Feb. 18, 2025, 9:15 p.m. | 47\u00a0minutes ago \nDescription : WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `deletar_documento.php` endpoint. This vulnerability allow an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive information. This issue has been addressed in version 3.2.14 and all users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T23:30:23.000000Z"}, {"uuid": "c2a2e98c-2af9-4b06-92e2-d17593a6e558", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26618", "type": "seen", "source": "https://t.me/cvedetector/18578", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26618 - Erlang OTP SSH Packet Size Verification Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26618 \nPublished : Feb. 20, 2025, 7:15 p.m. | 22\u00a0minutes ago \nDescription : Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang. Packet size is not verified properly for SFTP packets. As a result when multiple SSH packets (conforming to max SSH packet size) are received by ssh, they might be combined into an SFTP packet which will exceed the max allowed packet size and potentially cause large amount of memory to be allocated. Note that situation described above can only happen for successfully authenticated users after completing the SSH handshake. This issue has been patched in OTP versions 27.2.4, 26.2.5.9, and 25.3.2.18. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-20T20:41:09.000000Z"}, {"uuid": "019987c1-3a6a-4573-bd4b-9af179578794", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26611", "type": "seen", "source": "https://t.me/cvedetector/18361", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26611 - WeGIA Web Manager SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2025-26611 \nPublished : Feb. 18, 2025, 9:15 p.m. | 47\u00a0minutes ago \nDescription : WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `remover_produto.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T23:30:18.000000Z"}, {"uuid": "6eb496f6-84a2-4d2b-8d61-f9b5e4bd4cc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26610", "type": "seen", "source": "https://t.me/cvedetector/18360", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26610 - WeGIA SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26610 \nPublished : Feb. 18, 2025, 9:15 p.m. | 47\u00a0minutes ago \nDescription : WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `restaurar_produto_desocultar.php` endpoint. This vulnerability allow an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T23:30:17.000000Z"}, {"uuid": "76d0d6dd-d400-4795-bb46-7413ec8e5754", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26618", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4799", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26618\n\ud83d\udd25 CVSS Score: 7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H)\n\ud83d\udd39 Description: Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang. Packet size is not verified properly for SFTP packets. As a result when multiple SSH packets (conforming to max SSH packet size) are received by ssh, they might be combined into an SFTP packet which will exceed the max allowed packet size and potentially cause large amount of memory to be allocated. Note that situation described above can only happen for successfully authenticated users after completing the SSH handshake. This issue has been patched in OTP versions 27.2.4, 26.2.5.9, and 25.3.2.18. There are no known workarounds for this vulnerability.\n\ud83d\udccf Published: 2025-02-20T19:04:54.691Z\n\ud83d\udccf Modified: 2025-02-20T19:05:07.412Z\n\ud83d\udd17 References:\n1. https://github.com/erlang/otp/security/advisories/GHSA-78cv-45vx-q6fr\n2. https://github.com/erlang/otp/commit/0ed2573cbd55c92e9125c9dc70fa1ca7fed82872", "creation_timestamp": "2025-02-20T19:49:28.000000Z"}, {"uuid": "5a451286-0ade-40b9-b848-c08074c4ad29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26613", "type": "seen", "source": "https://t.me/cvedetector/18363", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26613 - WeGIA OS Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26613 \nPublished : Feb. 18, 2025, 9:15 p.m. | 47\u00a0minutes ago \nDescription : WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. An OS Command Injection vulnerability was discovered in the WeGIA application, `gerenciar_backup.php` endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely. This issue has been addressed in version 3.2.14 and all users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T23:30:22.000000Z"}, {"uuid": "91f3263d-7824-468a-94f4-55a50e56edd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26612", "type": "seen", "source": "https://t.me/cvedetector/18362", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26612 - WeGIA SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26612 \nPublished : Feb. 18, 2025, 9:15 p.m. | 47\u00a0minutes ago \nDescription : WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `adicionar_almoxarife.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T23:30:21.000000Z"}, {"uuid": "fee5b1e1-15be-42c9-89a7-1f60338aadc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26617", "type": "seen", "source": "https://t.me/cvedetector/18358", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26617 - WeGIA SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26617 \nPublished : Feb. 18, 2025, 9:15 p.m. | 47\u00a0minutes ago \nDescription : WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `historico_paciente.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing unauthorized access to sensitive information. This issue has been addressed in version 3.2.14 and all users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T23:30:16.000000Z"}, {"uuid": "7bf5dc06-d449-412d-96c9-ceeb7ce24574", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26616", "type": "seen", "source": "https://t.me/cvedetector/18357", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26616 - WeGIA Path Traversal Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26616 \nPublished : Feb. 18, 2025, 9:15 p.m. | 47\u00a0minutes ago \nDescription : WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Path Traversal vulnerability was discovered in the WeGIA application, `exportar_dump.php` endpoint. This vulnerability could allow an attacker to gain unauthorized access to sensitive information stored in `config.php`. `config.php` contains information that could allow direct access to the database. This issue has been addressed in version 3.2.14 and all users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-18T23:30:15.000000Z"}, {"uuid": "21ca1bdc-0381-451c-b23b-97e9804a5974", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2661", "type": "seen", "source": "https://t.me/cvedetector/20914", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2661 - Project Worlds Online Time Table Generator SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2025-2661 \nPublished : March 23, 2025, 8:15 p.m. | 18\u00a0minutes ago \nDescription : A vulnerability was found in Project Worlds Online Time Table Generator 1.0 and classified as critical. This issue affects some unknown processing of the file /staff/index.php. The manipulation of the argument e leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-23T22:20:10.000000Z"}, {"uuid": "821c030a-0de7-420f-8dce-a5ffcbbd8a57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26619", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9091", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26619\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N)\n\ud83d\udd39 Description: Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In `vega` 5.30.0 and lower and in `vega-functions` 5.15.0 and lower , it was possible to call JavaScript functions from the Vega expression language that were not meant to be supported. The issue is patched in `vega` `5.31.0`  and `vega-functions` `5.16.0`. Some workarounds are available. Run `vega` without `vega.expressionInterpreter`. This mode is not the default as it is slower. Alternatively, using the interpreter described in CSP safe mode (Content Security Policy) prevents arbitrary Javascript from running, so users of this mode are not affected by this vulnerability.\n\ud83d\udccf Published: 2025-03-27T13:51:38.442Z\n\ud83d\udccf Modified: 2025-03-27T14:21:44.479Z\n\ud83d\udd17 References:\n1. https://github.com/vega/vega/security/advisories/GHSA-rcw3-wmx7-cphr\n2. https://github.com/vega/vega-lite/issues/9469\n3. https://github.com/vega/vega/issues/3984\n4. https://github.com/vega/vega/commit/8fc129a6f8a11e96449c4ac0f63de0e5bfc7254c", "creation_timestamp": "2025-03-27T14:27:25.000000Z"}, {"uuid": "6969aaa2-70cf-4edb-bea7-aeb0c002e97c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26616", "type": "seen", "source": "https://t.me/TheDarkWebInformer/12841", "content": "\ud83d\udea8 Critical Security Vulnerability\n\ud83c\udd94 CVE-2025-26605, CVE-2025-26606, CVE-2025-26607, CVE-2025-26608, CVE-2025-26609, CVE-2025-26610, CVE-2025-26611, CVE-2025-26612, CVE-2025-26613, CVE-2025-26614, CVE-2025-26615, CVE-2025-26616, CVE-2025-26617\n\ud83d\udca3 CVSS Score: 9.4, 10, 10, 10, 10, 9.4, 10, 10, 10, 9.4, 10, 10, 10\n\ud83d\udcc5 Published Date: 25/02/18\n\u26a0\ufe0f Details: WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, deletar_cargo.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability.\n\nNIST: https://nvd.nist.gov/vuln/detail/CVE-2025-26605\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26606\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26607\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26608\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26609\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26610\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26611\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26612\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26613\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26614\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26615\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26616\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26617", "creation_timestamp": "2025-02-18T22:45:47.000000Z"}, {"uuid": "59c88d85-151b-4564-8ec8-e0e7d731e557", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26610", "type": "seen", "source": "https://t.me/TheDarkWebInformer/12841", "content": "\ud83d\udea8 Critical Security Vulnerability\n\ud83c\udd94 CVE-2025-26605, CVE-2025-26606, CVE-2025-26607, CVE-2025-26608, CVE-2025-26609, CVE-2025-26610, CVE-2025-26611, CVE-2025-26612, CVE-2025-26613, CVE-2025-26614, CVE-2025-26615, CVE-2025-26616, CVE-2025-26617\n\ud83d\udca3 CVSS Score: 9.4, 10, 10, 10, 10, 9.4, 10, 10, 10, 9.4, 10, 10, 10\n\ud83d\udcc5 Published Date: 25/02/18\n\u26a0\ufe0f Details: WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, deletar_cargo.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability.\n\nNIST: https://nvd.nist.gov/vuln/detail/CVE-2025-26605\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26606\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26607\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26608\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26609\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26610\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26611\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26612\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26613\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26614\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26615\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26616\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26617", "creation_timestamp": "2025-02-18T22:45:47.000000Z"}, {"uuid": "73023681-7210-47d6-9d74-8b5c0f030a6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26611", "type": "seen", "source": "https://t.me/TheDarkWebInformer/12841", "content": "\ud83d\udea8 Critical Security Vulnerability\n\ud83c\udd94 CVE-2025-26605, CVE-2025-26606, CVE-2025-26607, CVE-2025-26608, CVE-2025-26609, CVE-2025-26610, CVE-2025-26611, CVE-2025-26612, CVE-2025-26613, CVE-2025-26614, CVE-2025-26615, CVE-2025-26616, CVE-2025-26617\n\ud83d\udca3 CVSS Score: 9.4, 10, 10, 10, 10, 9.4, 10, 10, 10, 9.4, 10, 10, 10\n\ud83d\udcc5 Published Date: 25/02/18\n\u26a0\ufe0f Details: WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, deletar_cargo.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability.\n\nNIST: https://nvd.nist.gov/vuln/detail/CVE-2025-26605\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26606\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26607\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26608\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26609\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26610\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26611\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26612\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26613\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26614\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26615\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26616\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26617", "creation_timestamp": "2025-02-18T22:45:47.000000Z"}, {"uuid": "326991c4-ac3b-4c7b-8a35-33b6bc4ddf39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26614", "type": "seen", "source": "https://t.me/TheDarkWebInformer/12841", "content": "\ud83d\udea8 Critical Security Vulnerability\n\ud83c\udd94 CVE-2025-26605, CVE-2025-26606, CVE-2025-26607, CVE-2025-26608, CVE-2025-26609, CVE-2025-26610, CVE-2025-26611, CVE-2025-26612, CVE-2025-26613, CVE-2025-26614, CVE-2025-26615, CVE-2025-26616, CVE-2025-26617\n\ud83d\udca3 CVSS Score: 9.4, 10, 10, 10, 10, 9.4, 10, 10, 10, 9.4, 10, 10, 10\n\ud83d\udcc5 Published Date: 25/02/18\n\u26a0\ufe0f Details: WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, deletar_cargo.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability.\n\nNIST: https://nvd.nist.gov/vuln/detail/CVE-2025-26605\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26606\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26607\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26608\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26609\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26610\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26611\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26612\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26613\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26614\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26615\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26616\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26617", "creation_timestamp": "2025-02-18T22:45:47.000000Z"}, {"uuid": "16a8b1c7-cb3f-42af-be72-f8bacfa97b7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26615", "type": "seen", "source": "https://t.me/TheDarkWebInformer/12841", "content": "\ud83d\udea8 Critical Security Vulnerability\n\ud83c\udd94 CVE-2025-26605, CVE-2025-26606, CVE-2025-26607, CVE-2025-26608, CVE-2025-26609, CVE-2025-26610, CVE-2025-26611, CVE-2025-26612, CVE-2025-26613, CVE-2025-26614, CVE-2025-26615, CVE-2025-26616, CVE-2025-26617\n\ud83d\udca3 CVSS Score: 9.4, 10, 10, 10, 10, 9.4, 10, 10, 10, 9.4, 10, 10, 10\n\ud83d\udcc5 Published Date: 25/02/18\n\u26a0\ufe0f Details: WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, deletar_cargo.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability.\n\nNIST: https://nvd.nist.gov/vuln/detail/CVE-2025-26605\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26606\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26607\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26608\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26609\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26610\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26611\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26612\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26613\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26614\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26615\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26616\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26617", "creation_timestamp": "2025-02-18T22:45:47.000000Z"}, {"uuid": "33f18b35-eca9-4af9-86fb-fa4538599109", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26610", "type": "published-proof-of-concept", "source": "Telegram/qzNJGCFsMgJglun_Y4ryMwfMDSyhIyGxTghteqtBbNONQb0", "content": "", "creation_timestamp": "2025-02-18T22:34:40.000000Z"}, {"uuid": "ba16f775-ece6-4836-8f23-387b9b307f2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26611", "type": "published-proof-of-concept", "source": "Telegram/qzNJGCFsMgJglun_Y4ryMwfMDSyhIyGxTghteqtBbNONQb0", "content": "", "creation_timestamp": "2025-02-18T22:34:40.000000Z"}, {"uuid": "0da76674-fc71-4a15-b051-ab659c764ca5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26612", "type": "published-proof-of-concept", "source": "Telegram/qzNJGCFsMgJglun_Y4ryMwfMDSyhIyGxTghteqtBbNONQb0", "content": "", "creation_timestamp": "2025-02-18T22:34:40.000000Z"}, {"uuid": "68c2e568-a867-45bc-8053-679a6006246a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26617", "type": "published-proof-of-concept", "source": "Telegram/4XaNwPTMFyO1Vz7bqzn38wD37G0y60931j9yFHwcc2fnqpY", "content": "", "creation_timestamp": "2025-02-18T22:34:38.000000Z"}, {"uuid": "d1355725-b9fc-47c9-acb3-e8a3f49a87ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26613", "type": "published-proof-of-concept", "source": "Telegram/4XaNwPTMFyO1Vz7bqzn38wD37G0y60931j9yFHwcc2fnqpY", "content": "", "creation_timestamp": "2025-02-18T22:34:38.000000Z"}, {"uuid": "f057e3cc-da62-441d-90f9-c072c2de51f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26616", "type": "published-proof-of-concept", "source": "Telegram/4XaNwPTMFyO1Vz7bqzn38wD37G0y60931j9yFHwcc2fnqpY", "content": "", "creation_timestamp": "2025-02-18T22:34:38.000000Z"}, {"uuid": "555e2136-5613-4c5c-a235-f39a9b5c11a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26614", "type": "published-proof-of-concept", "source": "Telegram/4XaNwPTMFyO1Vz7bqzn38wD37G0y60931j9yFHwcc2fnqpY", "content": "", "creation_timestamp": "2025-02-18T22:34:38.000000Z"}, {"uuid": "a6579275-606f-4e2e-99ff-72a4d90f1a9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26615", "type": "published-proof-of-concept", "source": "Telegram/4XaNwPTMFyO1Vz7bqzn38wD37G0y60931j9yFHwcc2fnqpY", "content": "", "creation_timestamp": "2025-02-18T22:34:38.000000Z"}, {"uuid": "8c682fb2-b757-4d79-be8c-cba3193a7e52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26612", "type": "published-proof-of-concept", "source": "Telegram/4XaNwPTMFyO1Vz7bqzn38wD37G0y60931j9yFHwcc2fnqpY", "content": "", "creation_timestamp": "2025-02-18T22:34:38.000000Z"}, {"uuid": "2a503dec-cbc7-4d25-857b-c92b7e49a99a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26612", "type": "seen", "source": "https://t.me/TheDarkWebInformer/12841", "content": "\ud83d\udea8 Critical Security Vulnerability\n\ud83c\udd94 CVE-2025-26605, CVE-2025-26606, CVE-2025-26607, CVE-2025-26608, CVE-2025-26609, CVE-2025-26610, CVE-2025-26611, CVE-2025-26612, CVE-2025-26613, CVE-2025-26614, CVE-2025-26615, CVE-2025-26616, CVE-2025-26617\n\ud83d\udca3 CVSS Score: 9.4, 10, 10, 10, 10, 9.4, 10, 10, 10, 9.4, 10, 10, 10\n\ud83d\udcc5 Published Date: 25/02/18\n\u26a0\ufe0f Details: WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, deletar_cargo.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability.\n\nNIST: https://nvd.nist.gov/vuln/detail/CVE-2025-26605\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26606\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26607\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26608\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26609\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26610\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26611\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26612\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26613\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26614\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26615\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26616\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26617", "creation_timestamp": "2025-02-18T22:45:47.000000Z"}, {"uuid": "acd92a89-91cb-4c70-b8b3-dd94274d59f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26613", "type": "seen", "source": "https://t.me/TheDarkWebInformer/12841", "content": "\ud83d\udea8 Critical Security Vulnerability\n\ud83c\udd94 CVE-2025-26605, CVE-2025-26606, CVE-2025-26607, CVE-2025-26608, CVE-2025-26609, CVE-2025-26610, CVE-2025-26611, CVE-2025-26612, CVE-2025-26613, CVE-2025-26614, CVE-2025-26615, CVE-2025-26616, CVE-2025-26617\n\ud83d\udca3 CVSS Score: 9.4, 10, 10, 10, 10, 9.4, 10, 10, 10, 9.4, 10, 10, 10\n\ud83d\udcc5 Published Date: 25/02/18\n\u26a0\ufe0f Details: WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, deletar_cargo.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability.\n\nNIST: https://nvd.nist.gov/vuln/detail/CVE-2025-26605\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26606\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26607\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26608\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26609\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26610\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26611\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26612\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26613\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26614\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26615\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26616\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26617", "creation_timestamp": "2025-02-18T22:45:47.000000Z"}, {"uuid": "c983b835-61a2-4866-a61d-46d3d85f2797", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26617", "type": "seen", "source": "https://t.me/TheDarkWebInformer/12841", "content": "\ud83d\udea8 Critical Security Vulnerability\n\ud83c\udd94 CVE-2025-26605, CVE-2025-26606, CVE-2025-26607, CVE-2025-26608, CVE-2025-26609, CVE-2025-26610, CVE-2025-26611, CVE-2025-26612, CVE-2025-26613, CVE-2025-26614, CVE-2025-26615, CVE-2025-26616, CVE-2025-26617\n\ud83d\udca3 CVSS Score: 9.4, 10, 10, 10, 10, 9.4, 10, 10, 10, 9.4, 10, 10, 10\n\ud83d\udcc5 Published Date: 25/02/18\n\u26a0\ufe0f Details: WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, deletar_cargo.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability.\n\nNIST: https://nvd.nist.gov/vuln/detail/CVE-2025-26605\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26606\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26607\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26608\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26609\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26610\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26611\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26612\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26613\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26614\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26615\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26616\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-26617", "creation_timestamp": "2025-02-18T22:45:47.000000Z"}, {"uuid": "8fe62541-0e68-4336-a302-5024aa963ca8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-26618", "type": "seen", "source": "Telegram/0RhbwYwzwEyjXCGtJTM02J2pXDTqA9dWpzhuh8c1zxBbzDF_", "content": "", "creation_timestamp": "2025-02-20T23:26:56.000000Z"}]}