Weaver Network Co Ltd E-Cology vulnerabilities
2 known vulnerabilities affecting weaver_network_co_ltd/e-cology.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
2
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2026-22679P1CRITICALCVSS 9.8Exploitedfixed in 202603122026-04-07
CVE-2026-22679 [CRITICAL] CWE-306 CVE-2026-22679: Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code exec
Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the /papi/esearch/data/devops/dubboApi/debug/method endpoint that allows attackers to execute arbitrary commands by invoking exposed debug functionality. Attackers can craft POST requests with attacker-controlled interfaceName
nvd
CVE-2022-50992P1HIGHCVSS 7.5Exploitedfixed in 10.522026-04-30
CVE-2022-50992 [HIGH] CWE-22 CVE-2022-50992: Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in
Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and WorkflowService.LoadTemplateProp methods. Attackers can exploit the
nvd