CVE-2026-31151

An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification to access the application 's resources...

EUVD-2026-19271

An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification to access the application 's resources...

CVE-2026-31151

An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification to access the application 's resources...

CVE-2026-31150

Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated attackers with only the shipping/receiving role to view the truck's dashboard resources...

CVE-2026-31151

An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification to access the application 's resources...

CVE-2026-31150

Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated attackers with only the shipping/receiving role to view the truck's dashboard resources...

PT-2026-30611

Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated attackers with only the shipping/receiving role to view the truck's dashboard resources...

PT-2026-30612

An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification to access the application 's resources...

Kaleris Yard Management Solutions 安全漏洞

Kaleris Yard Management Solutions is a management system developed by the American company Kaleris, designed to optimize the scheduling of station vehicles and logistics operations. Version 7.2.2.1 of Kaleris Yard Management Solutions contains a security vulnerability. This vulnerability stems fr...

CVE-2026-31151

The vulnerability CVE-2026-31151 affects Kaleris YMS, specifically version 7.2.2.1, where the login mechanism can be bypassed to access application resources. The issue is described as a login bypass with impact described as high/critical (C/H, I/H, A/H) in the NVD metrics; exploitation context i...

CVE-2025-12976

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eventslistgrouped' shortcode in all versions up to, and including, 7.2.2.1 due to insufficient input sanitization and output escaping on user supplied...

CVE-2022-22366

IBM UrbanCode Deploy UCD 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106...

CVE-2022-22367

IBM UrbanCode Deploy UCD 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008...

CVE-2022-22315

IBM UrbanCode Deploy (UCD) CVE-2022-22315 describes an elevation-of-privilege where an authenticated user with special permissions could obtain elevated privileges due to improper handling of permissions. Affected versions include UCD 7.2.2.1, with other disclosures listing broader affected range...

Security Bulletin: UrbanCode Deploy users with create-resource permission for the standard resource type may create child resources inheriting custom types (CVE-2022-22315).

Summary Users in UrbanCode Deploy with create-resource permission for the standard resource type but not for a custom resource type, may create child resources inheriting that custom type. Vulnerability Details CVEID: CVE-2022-22315 DESCRIPTION: IBM UrbanCode Deploy UCD could allow an authenticat...