VYPR
Vendor

Weaver

Products: 5
CVEs: 15
Across products: 20
Status: Private

Recent CVEs (15)
  • CVE-2026-22679 · Critical · Apr 7, 2026
    risk 0.64 · cvss 9.8 · epss 0.21

    Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality.…

  • CVE-2022-50992 · High · Apr 30, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the…

  • CVE-2025-9590 · Low · Aug 28, 2025
    risk 0.23 · cvss 3.5 · epss 0.00

    A vulnerability was identified in Weaver E-Mobile Mobile Management Platform up to 20250813. Affected by this vulnerability is an unknown functionality. The manipulation of the argument gohome leads to cross site scripting. The attack can be initiated remotely. The exploit is…

  • CVE-2023-2766 · May 17, 2023
    risk 0.07 · cvss - · epss 0.54

    A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories accessible. The attack may be initiated…

  • CVE-2025-34038 · Jun 24, 2025
    risk 0.00 · cvss - · epss 0.02

    A SQL injection vulnerability exists in Weaver E-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query within the getSelectAllIds(sql, type) method, reachable through the cmd=getSelectAllId…

  • CVE-2024-48070 · Nov 19, 2024
    risk 0.00 · cvss - · epss 0.01

    An issue in Weaver E-cology v. attackers construct special requests to insert remote malicious code and to trigger malicious code execution, and control server privileges

  • CVE-2024-48071 · Nov 19, 2024
    risk 0.00 · cvss - · epss 0.01

    E-cology has a directory traversal vulnerability. An attacker can exploit this vulnerability to delete the server directory, causing the server to permanently deny service.

  • CVE-2024-48072 · Nov 19, 2024
    risk 0.00 · cvss - · epss 0.00

    Weaver Ecology v9.* was discovered to contain a SQL injection vulnerability via the component /mobilemode/Action.jsp?invoker=com.weaver.formmodel.mobile.mec.servlet.MECAction&action=getFieldTriggerValue&searchField=*&fromTable=HrmResourceManager&whereClause=1%3d1&triggerCondition…

  • CVE-2024-48069 · Nov 19, 2024
    risk 0.00 · cvss - · epss 0.00

    A vulnerability in Weaver E-cology allows attackers to use race conditions to bypass security mechanisms to upload malicious files and control server privileges.

  • CVE-2024-7704 · Aug 12, 2024
    risk 0.00 · cvss - · epss 0.01

    A vulnerability was found in Weaver e-cology 8. It has been classified as problematic. Affected is an unknown function of the file /cloudstore/ecode/setup/ecology_dev.zip of the component Source Code Handler. The manipulation leads to information disclosure. It is possible to…

  • CVE-2023-51892 · Jan 20, 2024
    risk 0.00 · cvss - · epss 0.01

    An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via a crafted script to the FrameworkShellController component.

  • CVE-2023-3793 · Jul 20, 2023
    risk 0.00 · cvss - · epss 0.00

    A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file filelFileDownloadForOutDoc.class of the component HTTP POST Request Handler. The manipulation of the argument fileid with the input 1+WAITFOR+DELAY…

  • CVE-2023-2806 · May 19, 2023
    risk 0.00 · cvss - · epss 0.01

    A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by this vulnerability is the function RequestInfoByXml of the component API. The manipulation leads to xml external entity reference. The associated identifier of this vulnerability is…

  • CVE-2021-3836 · Dec 14, 2021
    risk 0.00 · cvss - · epss 0.01

    dbeaver is vulnerable to Improper Restriction of XML External Entity Reference

  • CVE-2019-10272 · Apr 30, 2019
    risk 0.00 · cvss - · epss 0.01

    An issue was discovered in Weaver e-cology 9.0. There is a CRLF Injection vulnerability via the /workflow/request/ViewRequestForwardSPA.jsp isintervenor parameter, as demonstrated by the %0aSet-cookie: substring.