Teamwork

CVEs (2)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2025-34133	Wimi Teamwork Teamwork	Hig	0.46	—	0.00		Oct 27, 2025	Wimi Teamwork versions prior to 7.38.17 contains a cross-site request forgery (CSRF) vulnerability in its API. The API accepts any authenticated request that contains a JSON field named 'csrf_token' without validating the field’s value; only the presence of the field is…
CVE-2026-35023	Wimi Teamwork Teamwork	Med	0.28	4.3	0.00		Apr 8, 2026	Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the item_id parameter lacks proper authorization checks. Attackers can enumerate sequential item_id values to access and retrieve image…

CVE-2025-34133HigOct 27, 2025
Wimi Teamwork
Teamwork
risk 0.46cvss —epss 0.00
Wimi Teamwork versions prior to 7.38.17 contains a cross-site request forgery (CSRF) vulnerability in its API. The API accepts any authenticated request that contains a JSON field named 'csrf_token' without validating the field’s value; only the presence of the field is…
CVE-2026-35023MedApr 8, 2026
Wimi Teamwork
Teamwork
risk 0.28cvss 4.3epss 0.00
Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the item_id parameter lacks proper authorization checks. Attackers can enumerate sequential item_id values to access and retrieve image…