{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T01:23:48.548","vulnerabilities":[{"cve":{"id":"CVE-2026-22788","sourceIdentifier":"security-advisories@github.com","published":"2026-01-12T22:16:08.343","lastModified":"2026-01-21T19:11:14.150","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, the WebErpMesV2 application exposes multiple sensitive API endpoints without authentication middleware. An unauthenticated remote attacker can read business-critical data including companies, quotes, orders, tasks, and whiteboards. Limited write access allows creation of company records and full manipulation of collaboration whiteboards. This vulnerability is fixed in 1.19."},{"lang":"es","value":"WebErpMesv2 es un sistema web de gestión de recursos y ejecución de fabricación para la industria. Antes de la 1.19, la aplicación WebErpMesV2 expone múltiples puntos finales de API sensibles sin middleware de autenticación. Un atacante remoto no autenticado puede leer datos críticos para el negocio, incluyendo empresas, cotizaciones, pedidos, tareas y pizarras. Acceso de escritura limitado permite la creación de registros de empresas y la manipulación completa de pizarras de colaboración. Esta vulnerabilidad está corregida en la 1.19."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wem-project:wem:*:*:*:*:*:*:*:*","versionEndExcluding":"1.19","matchCriteriaId":"B8FFED4C-1ACD-4922-99EB-4951BD1C6B8E"}]}]}],"references":[{"url":"https://github.com/SMEWebify/WebErpMesv2/commit/3a7ab1c95d1d1c8f7c62c84bc87b3666ecd2fa23","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/SMEWebify/WebErpMesv2/security/advisories/GHSA-pp68-5pc2-hv7w","source":"security-advisories@github.com","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"https://github.com/SMEWebify/WebErpMesv2/security/advisories/GHSA-pp68-5pc2-hv7w","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Patch","Vendor Advisory"]}]}}]}