CVE-2026-2552
- EPSS 0.05%
- Veröffentlicht 16.02.2026 11:02:05
- Zuletzt bearbeitet 20.02.2026 18:00:00
A vulnerability was identified in ZenTao up to 21.7.8. Affected by this issue is the function delete of the file editor/control.php of the component Committer. Such manipulation of the argument filePath leads to path traversal. Upgrading to version 2...
CVE-2026-2551
- EPSS 0.06%
- Veröffentlicht 16.02.2026 10:32:07
- Zuletzt bearbeitet 20.02.2026 19:06:41
A vulnerability was determined in ZenTao up to 21.7.8. Affected by this vulnerability is the function delete of the file editor/control.php of the component Backup Handler. This manipulation of the argument fileName causes path traversal. It is possi...
CVE-2026-1884
- EPSS 0.03%
- Veröffentlicht 04.02.2026 21:32:08
- Zuletzt bearbeitet 11.02.2026 19:15:12
A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function fetchHook of the file module/webhook/model.php of the component Webhook Module. This manipulation causes server-side request forgery. The attack may be ...
CVE-2025-13789
- EPSS 0.05%
- Veröffentlicht 30.11.2025 13:32:16
- Zuletzt bearbeitet 04.12.2025 16:36:17
A vulnerability was found in ZenTao up to 21.7.6-8564. This affects the function makeRequest of the file module/ai/model.php. The manipulation of the argument Base results in server-side request forgery. The attack can be launched remotely. The explo...
CVE-2025-13787
- EPSS 0.07%
- Veröffentlicht 30.11.2025 10:32:08
- Zuletzt bearbeitet 04.12.2025 16:44:07
A flaw has been found in ZenTao up to 21.7.6-8564. The affected element is the function file::delete of the file module/file/control.php of the component File Handler. Executing manipulation of the argument fileID can lead to improper privilege manag...