Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/02/27 4:13 a.m.5 views

CVE-2025-50857

ZenTaoPMS v18.11 through v21.6.beta is vulnerable to Directory Traversal in /module/ai/control.php. This allows attackers to execute arbitrary code via a crafted file upload...

9.8CVSS5.9AI score0.02293EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/26 12:0 a.m.8 views

CVE-2025-50857

ZenTaoPMS v18.11 through v21.6.beta is vulnerable to Directory Traversal in /module/ai/control.php. This allows attackers to execute arbitrary code via a crafted file upload...

9.8CVSS6.2AI score0.02293EPSS
Exploits0References3
OSV
OSV
added 2026/02/16 11:15 a.m.4 views

CVE-2026-2551

A vulnerability was determined in ZenTao up to 21.7.8. Affected by this vulnerability is the function delete of the file editor/control.php of the component Backup Handler. This manipulation of the argument fileName causes path traversal. It is possible to initiate the attack remotely. The exploi...

5.4CVSS5.4AI score0.00454EPSS
Exploits1References4
NVD
NVD
added 2025/11/30 11:15 a.m.6 views

CVE-2025-13787

A flaw has been found in ZenTao up to 21.7.6-8564. The affected element is the function file::delete of the file module/file/control.php of the component File Handler. Executing manipulation of the argument fileID can lead to improper privilege management. It is possible to launch the attack...

9.1CVSS0.00328EPSS
Exploits1References6
NVD
NVD
added 2025/11/13 8:15 p.m.7 views

CVE-2022-4984

ZenTao Biz 6.5, ZenTao Max 3.0, ZenTao Open Source Edition 16.5, and ZenTao Open Source Edition 16.5.beta1 contain an SQL injection vulnerability in the login functionality. The application does not properly validate the account parameter on /zentao/user-login.html before using it in a database...

8.7CVSS0.00402EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-2235

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1....

8.7CVSS5.5AI score0.00846EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/10/27 12:15 a.m.5 views

CVE-2023-46374

ZenTao Enterprise Edition version 4.1.3 and before is vulnerable to Cross Site Scripting XSS...

6.1CVSS5.8AI score0.0037EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2023/10/27 12:15 a.m.4 views

CVE-2023-46491

ZenTao Biz version 4.1.3 and before has a Cross Site Scripting XSS vulnerability in the Version Library...

6.1CVSS5.8AI score0.0037EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/10/10 12:0 a.m.4 views

PT-2023-29306 · Unknown · Zentao Community Edition +2

Name of the Vulnerable Software and Affected Versions: ZenTao Community Edition versions 18.6 and earlier ZenTao Biz versions 8.6 and earlier ZenTao Max versions 4.7 and earlier Description: The issue allows an attacker to execute arbitrary code via a crafted script to the Office Conversion...

8.8CVSS8.8AI score0.00935EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/06/20 12:0 a.m.4 views

PT-2023-11581 · Easysoft · Easysoft Zentao

Name of the Vulnerable Software and Affected Versions: EasySoft ZenTao version 11.6.4 Description: The issue allows a remote attacker to execute arbitrary code via the lastComment parameter, which is related to a Cross Site Scripting vulnerability. Recommendations: For EasySoft ZenTao version...

6.1CVSS7.4AI score0.00565EPSS
Exploits1References5
Rows per page
Query Builder