14 matches found

Vulnrichment
added 2026/02/16 10:32 a.m. · 6 views

CVE-2026-2551 ZenTao Backup control.php delete path traversal

A vulnerability was determined in ZenTao up to 21.7.8. Affected by this vulnerability is the function delete of the file editor/control.php of the component Backup Handler. This manipulation of the argument fileName causes path traversal. It is possible to initiate the attack remotely. The exploi...

5.5 CVSS · 5.3 AI score · 0.00454 EPSS
Exploits 1 · References 4

ATTACKERKB
added 2026/02/16 10:32 a.m. · 7 views

CVE-2026-2551

A vulnerability was determined in ZenTao up to 21.7.8. Affected by this vulnerability is the function delete of the file editor/control.php of the component Backup Handler. This manipulation of the argument fileName causes path traversal. It is possible to initiate the attack remotely. The exploi...

5.5 CVSS · 5.3 AI score · 0.00454 EPSS
Exploits 1 · References 4

Positive Technologies
added 2026/02/16 12:0 a.m. · 5 views

PT-2026-8334

A vulnerability was determined in ZenTao up to 21.7.8. Affected by this vulnerability is the function delete of the file editor/control.php of the component Backup Handler. This manipulation of the argument fileName causes path traversal. It is possible to initiate the attack remotely. The exploi...

5.5 CVSS · 5.3 AI score · 0.00454 EPSS
Exploits 1 · References 5

OSV
added 2025/11/30 2:16 p.m. · 9 views

CVE-2025-13789

A vulnerability was found in ZenTao up to 21.7.6-8564. This affects the function makeRequest of the file module/ai/model.php. The manipulation of the argument Base results in server-side request forgery. The attack can be launched remotely. The exploit has been made public and could be used...

5.3 CVSS · 5.5 AI score · 0.00257 EPSS
Exploits 1 · References 7

Cvelist
added 2025/11/30 1:32 p.m. · 12 views

CVE-2025-13789 ZenTao model.php makeRequest server-side request forgery

A vulnerability was found in ZenTao up to 21.7.6-8564. This affects the function makeRequest of the file module/ai/model.php. The manipulation of the argument Base results in server-side request forgery. The attack can be launched remotely. The exploit has been made public and could be used...

6.5 CVSS · 0.00257 EPSS
Exploits 1 · References 7

EUVD
added 2025/10/07 12:30 a.m. · 6 views

EUVD-2021-14307

Malware in sbrugna...

9 CVSS · 7 AI score · 0.04009 EPSS
Exploits 1 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-21640

Malicious code in bioql PyPI...

9.8 CVSS · 6.5 AI score · 0.01274 EPSS
Exploits 1 · References 2

RedhatCVE
added 2025/05/23 9:38 a.m. · 11 views

CVE-2024-24216

Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of /app/zentao/module/repo/model.php...

9.8 CVSS · 9.9 AI score · 0.01274 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 9:51 p.m. · 7 views

CVE-2022-47745

ZenTao 16.4 to 18.0.beta1 is vulnerable to SQL injection. After logging in with any user, you can complete SQL injection by constructing a special request and sending it to function importNotice...

8.8 CVSS · 8.1 AI score · 0.15394 EPSS
Exploits 1

RedhatCVE
added 2025/05/22 4:30 p.m. · 5 views

CVE-2020-22533

Cross Site Scripting vulnerability found in Zentao allows a remote attacker to execute arbitrary code via the lang parameter...

6.1 CVSS · 7.3 AI score · 0.00514 EPSS
Exploits 1

OSV
added 2024/02/08 6:15 a.m. · 3 views

CVE-2024-24216

Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of /app/zentao/module/repo/model.php...

9.8 CVSS · 8.3 AI score
Exploits 0 · References 2

ATTACKERKB
added 2023/10/10 3:15 a.m. · 4 views

CVE-2023-44827

An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function...

8.8 CVSS · 6.2 AI score · 0.00935 EPSS
Exploits 1 · References 2

Vulnrichment
added 2023/04/04 12:0 a.m. · 7 views

CVE-2020-22533

Cross Site Scripting vulnerability found in Zentao allows a remote attacker to execute arbitrary code via the lang parameter...

7.3 AI score · 0.00514 EPSS
Exploits 1 · References 1

Positive Technologies
added 2023/04/04 12:0 a.m. · 4 views

PT-2023-11621 · Zentao · Zentao

Name of the Vulnerable Software and Affected Versions: Zentao affected versions not specified

Description: A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the lang parameter. This enables the attacker to inject malicious scripts into the website, potentially...

6.1 CVSS · 6.4 AI score · 0.00514 EPSS
Exploits 1 · References 3