Every CVE whose affected-product data names Weaver E-cology, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2026-22679 — CVSS 9.8 (critical): Weaver (Fanwei) E-cology 10.0 versions prior to 20260312 contain an unauthenticated remote code execution vulnerability in the…
CVE-2023-51892 — CVSS 9.8 (critical): An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via a crafted script to the…
CVE-2024-48069 — CVSS 9.8 (critical): A vulnerability was found in Weaver E-cology allows attackers use race conditions to bypass security mechanisms to upload malicious files…
CVE-2024-48070 — CVSS 9.8 (critical): An issue in Weaver E-cology v. attackers construct special requests to insert remote malicious code and to trigger malicious code…
CVE-2024-48072 — CVSS 9.8 (critical): Weaver Ecology v9.* was discovered to contain a SQL injection vulnerability via the component /mobilemode/Action.jsp?invoker=com.weaver.form…
CVE-2025-34038 — CVSS 7.5 (high): A SQL injection vulnerability exists in Weaver E-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user…
CVE-2024-48071 — CVSS 6.5 (medium): E-cology has a directory traversal vulnerability. An attacker can exploit this vulnerability to delete the server directory, causing the…
CVE-2019-10272 — CVSS 6.1 (medium): An issue was discovered in Weaver e-cology 9.0. There is a CRLF Injection vulnerability via the /workflow/request/ViewRequestForwardSPA.jsp…
CVE-2023-2806 — CVSS 5.5 (medium): A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by this vulnerability is the function…
CVE-2023-3793 — CVSS 5.5 (medium): A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file…
CVE-2024-7704 — CVSS 5.3 (medium): A vulnerability was found in Weaver e-cology 8. It has been classified as problematic. Affected is an unknown function of the file…