CVE-2026-2105 | yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4 Department Management DeptController.java addDept/updateDept/deleteDept improper authorization

A vulnerability classified as critical was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The affected element is the function addDept/updateDept/deleteDept of the file datasetreposwarehousesrcmainjavacomyeqifusyscontrollerDeptController.java of the component Department Management. Executing a manipulation can lead to improper authorization.

This vulnerability is registered as CVE-2026-2105. It is possible to launch the attack remotely. Furthermore, an exploit is available.

This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-2105 | yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4 Department Management DeptController.java addDept/updateDept/deleteDept improper authorization

Post correlati

CVE-2024-57556 | nbubna store up to 2.14.2 store.deep.js cross site scripting (Issue 127)

CVE-2025-53948 | Santesoft Sante PACS Server up to 4.2.2 HL7 Message double free (icsma-25-224-01)

CVE-2025-5562 | PHPGurukul Curfew e-Pass Management System 1.0 edit-category-detail.php editid sql injection

CVE-2023-53512 | Linux Kernel up to 5.10.172/5.15.98/6.1.15/6.2.2 scsi kfree memory leak