zentao CVE 脆弱性と CVE 一覧(10)

製品(CPE): — CVE 件数: 10

zentao 脆弱性概要

zentao 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

過去の問題は主に パス処理の欠陥 and vendor risk sql injection などに関し、一部は ファイル上書き を招き、vendor surface software deployment and vendor surface production workloads 関連の場面に影響します。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移(直近24か月)

表示中 110 / 10 CVE 件数
«« 先頭 « 前へ 1 / 1 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2026-2552 A vulnerability was identified in ZenTao up to 21.7.8. Affected by this issue is the function delete of the file editor/control.php of the component Committer. Such manipulation of the argument filePath leads to path traversal. Upgrading to version 21.7.9 can resolve this issue. The affected component should be upgraded. [email protected] 5.1 0.39% 2026-02-16 2026-06-17
CVE-2026-2551 A vulnerability was determined in ZenTao up to 21.7.8. Affected by this vulnerability is the function delete of the file editor/control.php of the component Backup Handler. This manipulation of the argument fileName causes path traversal. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. [email protected] 2.1 0.45% 2026-02-16 2026-06-17
CVE-2026-1884 A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function fetchHook of the file module/webhook/model.php of the component Webhook Module. This manipulation causes server-side request forgery. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. [email protected] 2.0 0.38% 2026-02-04 2026-06-17
CVE-2025-13789 A vulnerability was found in ZenTao up to 21.7.6-8564. This affects the function makeRequest of the file module/ai/model.php. The manipulation of the argument Base results in server-side request forgery. The attack can be launched remotely. The exploit has been made public and could be used. Upgrading to version 21.7.6 mitigates this issue. It is suggested to upgrade the affected component. [email protected] 2.1 0.25% 2025-11-30 2026-06-17
CVE-2025-13787 A flaw has been found in ZenTao up to 21.7.6-8564. The affected element is the function file::delete of the file module/file/control.php of the component File Handler. Executing manipulation of the argument fileID can lead to improper privilege management. It is possible to launch the attack remotely. Upgrading to version 21.7.7 is sufficient to fix this issue. You should upgrade the affected component. [email protected] 5.3 0.32% 2025-11-30 2026-06-17
CVE-2022-4984 ZenTao Biz < 6.5, ZenTao Max < 3.0, ZenTao Open Source Edition < 16.5, and ZenTao Open Source Edition < 16.5.beta1 contain an SQL injection vulnerability in the login functionality. The application does not properly validate the account parameter on /zentao/user-login.html before using it in a database query. A remote unauthenticated attacker can exploit this issue to execute crafted SQL expressions and retrieve sensitive information from the backend database, including user and application data [email protected] 8.7 0.39% 2025-11-13 2026-06-17
CVE-2023-46376 Zentao Biz version 8.7 and before is vulnerable to Information Disclosure. [email protected] 7.5 0.36% 2023-10-26 2026-06-17
CVE-2023-46375 ZenTao Biz version 4.1.3 and before is vulnerable to Cross Site Request Forgery (CSRF). [email protected] 8.8 0.29% 2023-10-26 2026-06-17
CVE-2023-46491 ZenTao Biz version 4.1.3 and before has a Cross Site Scripting (XSS) vulnerability in the Version Library. [email protected] 6.1 0.37% 2023-10-26 2026-06-17
CVE-2023-46374 ZenTao Enterprise Edition version 4.1.3 and before is vulnerable to Cross Site Scripting (XSS). [email protected] 6.1 0.37% 2023-10-26 2026-06-17
«« 先頭 « 前へ 1 / 1 次へ »
cvelogic Threat Intelligence