Skip to main content

Pdks

3 CVEs product

Monthly

CVE-2026-7402 HIGH This Week

Remote authenticated attackers can flood PDKS (Personnel and Document Tracking System) through uncontrolled interaction frequency, achieving high integrity and availability impacts without confidentiality breach. This workforce management software by MeWare Software Development Inc. is vulnerable to denial-of-service conditions and potential data integrity compromise through rate-limiting bypass. Affects versions from V16.20200313 through VMYR_3.5.2025117. TR-CERT advisory available, EPSS data not provided, no CISA KEV listing identified.

Information Disclosure Pdks
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-7399 HIGH This Week

Remote authenticated attackers can bypass authorization controls in MeWare PDKS through user-controlled key manipulation, enabling privilege escalation to access and modify sensitive data without proper permissions. Affecting PDKS versions from V16.20200313 to VMYR_3.5.2025117, this vulnerability allows low-privileged users to abuse authorization mechanisms via network access without user interaction. No confirmed active exploitation or public exploit code identified at time of analysis, with EPSS data unavailable for risk quantification.

Authentication Bypass Pdks
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-7382 MEDIUM This Month

Authenticated remote attackers can access sensitive personal information in MeWare PDKS versions 16.20200313 through before VMYR_3.5.2025117 due to improper access controls. The vulnerability allows disclosure of private data without authorization, affecting confidentiality. CVSS score of 6.5 reflects moderate severity with network accessibility and low attack complexity, though authentication is required. No active exploitation or public proof-of-concept has been confirmed at time of analysis.

Information Disclosure Pdks
NVD
CVSS 3.1
6.5
EPSS
0.0%
EPSS 0% CVSS 8.1
HIGH This Week

Remote authenticated attackers can flood PDKS (Personnel and Document Tracking System) through uncontrolled interaction frequency, achieving high integrity and availability impacts without confidentiality breach. This workforce management software by MeWare Software Development Inc. is vulnerable to denial-of-service conditions and potential data integrity compromise through rate-limiting bypass. Affects versions from V16.20200313 through VMYR_3.5.2025117. TR-CERT advisory available, EPSS data not provided, no CISA KEV listing identified.

Information Disclosure Pdks
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Remote authenticated attackers can bypass authorization controls in MeWare PDKS through user-controlled key manipulation, enabling privilege escalation to access and modify sensitive data without proper permissions. Affecting PDKS versions from V16.20200313 to VMYR_3.5.2025117, this vulnerability allows low-privileged users to abuse authorization mechanisms via network access without user interaction. No confirmed active exploitation or public exploit code identified at time of analysis, with EPSS data unavailable for risk quantification.

Authentication Bypass Pdks
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Authenticated remote attackers can access sensitive personal information in MeWare PDKS versions 16.20200313 through before VMYR_3.5.2025117 due to improper access controls. The vulnerability allows disclosure of private data without authorization, affecting confidentiality. CVSS score of 6.5 reflects moderate severity with network accessibility and low attack complexity, though authentication is required. No active exploitation or public proof-of-concept has been confirmed at time of analysis.

Information Disclosure Pdks
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy