CVE-2026-1514
published 2026-01-28CVE-2026-1514: Official Document Management System developed by 2100 Technology has a Incorrect Authorization vulnerability, allowing authenticated remote attackers to modify…
PriorityP340medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
EPSS
0.26%
17.2th percentile
Official Document Management System developed by 2100 Technology has a Incorrect Authorization vulnerability, allowing authenticated remote attackers to modify front-end code to read all official documents.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 2100_technology | official_document_management_system | 5.0.77 – 5.0.98 | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv4.07.1HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vendor_redhat7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-h3xm-w5hm-v36m: Official Document Management System developed by 2100 Technology has a Incorrect Authorization vulnerability, allowing authenticated remote attackers
ghsa_unreviewed·2026-01-28
CVE-2026-1514 [HIGH] CWE-863 GHSA-h3xm-w5hm-v36m: Official Document Management System developed by 2100 Technology has a Incorrect Authorization vulnerability, allowing authenticated remote attackers
Official Document Management System developed by 2100 Technology has a Incorrect Authorization vulnerability, allowing authenticated remote attackers to modify front-end code to read all official documents.
Red Hat
kernel: Linux kernel: Use-after-free in teql queueing discipline can lead to privilege escalation
vendor_redhat·2026-02-04·CVSS 7.8
CVE-2026-23074 [HIGH] CWE-825 kernel: Linux kernel: Use-after-free in teql queueing discipline can lead to privilege escalation
kernel: Linux kernel: Use-after-free in teql queueing discipline can lead to privilege escalation
In the Linux kernel, the following vulnerability has been resolved:
net/sched: Enforce that teql can only be used as root qdisc
Design intent of teql is that it is only supposed to be used as root qdisc.
We need to check for that constraint.
Although not important, I will describe the scenario that unearthed this
issue for the curious.
GangMin Kim managed to concot a scenario as follows:
ROOT qdisc 1:0 (QFQ)
├── class 1:1 (weight=15, lmax=16384) netem with delay 6.4s
└── class 1:2 (weight=1, lmax=1514) teql
GangMin sends a packet which is enqueued to 1:1 (netem).
Any invocation of dequeue by QFQ from this class will not return a packet
until after 6.4s. In the meantime, a second packet is sen
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-01-28
Published