CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

256 matches found

RedhatCVE•added 2026/01/09 12:24 p.m.•9 views

CVE-2018-14885

Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows a remote attacker to restore a database dump without knowing the super-admin password. An arbitrary password succeeds...

9.8CVSS7.3AI score0.00726EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:24 p.m.•5 views

CVE-2018-14867

Incorrect access control in the portal messaging system in Odoo Community 9.0 and 10.0 and Odoo Enterprise 9.0 and 10.0 allows remote attackers to post messages on behalf of customers, and to guess document attribute values, via crafted parameters...

5.3CVSS7.1AI score0.00258EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:22 p.m.•4 views

CVE-2018-14859

Incorrect access control in the password reset component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated users to reset the password of other users by being the first party to use the secure token...

8.1CVSS6.9AI score0.00265EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:22 p.m.•4 views

CVE-2018-14868

Incorrect access control in the Password Encryption module in Odoo Community 9.0 and Odoo Enterprise 9.0 allows authenticated users to change the password of other users without knowing their current password via a crafted RPC call...

6.5CVSS6.8AI score0.00145EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:22 p.m.•4 views

CVE-2018-14864

Incorrect access control in asset bundles in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier allows remote authenticated users to inject arbitrary web script via a crafted attachment...

6.5CVSS6.5AI score0.00134EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:9 a.m.•4 views

CVE-2019-11786

Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to modify translated terms, which may lead to arbitrary content modification on translatable elements...

4.3CVSS6.7AI score0.00147EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:9 a.m.•5 views

CVE-2019-11781

Improper input validation in portal component in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier, allows remote attackers to trick victims into modifying their account via crafted links, leading to privilege escalation...

8.8CVSS7.1AI score0.00244EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:9 a.m.•4 views

CVE-2019-11785

Improper access control in mail module followers in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to obtain access to messages posted on business records there were not given access to, and subscribe to receive future messages...

6.5CVSS6.5AI score0.00198EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:37 a.m.•6 views

CVE-2019-11780

Improper access control in the computed fields system of the framework of Odoo Community 13.0 and Odoo Enterprise 13.0 allows remote authenticated attackers to access sensitive information via crafted RPC requests, which could lead to privilege escalation...

8.1CVSS6.2AI score0.00213EPSS

Exploits0References1