CVE-2026-2105
published 2026-02-07CVE-2026-2105: A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The affected element is the function addDept/updateDept/deleteDept of…
PriorityP357high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.28%
19.3th percentile
A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The affected element is the function addDept/updateDept/deleteDept of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\DeptController.java of the component Department Management. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been published and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yeqifu | warehouse | <= 2025-10-06 | — |
| yeqifu | warehouse | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv4.02.1LOWCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
cisa8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-vgj5-9p6r-986x: A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4
ghsa_unreviewed·2026-02-07
CVE-2026-2105 [MEDIUM] CWE-266 GHSA-vgj5-9p6r-986x: A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4
A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The affected element is the function addDept/updateDept/deleteDept of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\DeptController.java of the component Department Management. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been published and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.
CISA
Digiever DS-2105 Pro Missing Authorization Vulnerability
cisa·2025-12-22·CVSS 8.8
CVE-2023-52163 [HIGH] CWE-862 Digiever DS-2105 Pro Missing Authorization Vulnerability
Vulnerability: Digiever DS-2105 Pro Missing Authorization Vulnerability
Affected: Digiever DS-2105 Pro
Digiever DS-2105 Pro contains a missing authorization vulnerability which could allow for command injection via time_tzsetup.cgi.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: https://www.digiever.com/tw/support/faq-content.php?FAQ=217 ; https://nvd.nist.gov/vuln/detail/CVE-2023-52163
Remediation Due Date: 2026-01-12
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-02-07
Published