CVE-2026-25137 NixOs Odoo database and filestore publicly accessible with default odoo configuration

The NixOs Odoo package is an open source ERP and CRM system. From 21.11 to before 25.11 and 26.05, every NixOS based Odoo setup publicly exposes the database manager without any authentication. This allows unauthorized actors to delete and download the entire database, including Odoos file store...

PT-2026-5726

Name of the Vulnerable Software and Affected Versions Odoo versions 21.11 through 25.10 Odoo versions 26.05 Description The NixOS Odoo package, an open source ERP and CRM system, exposes the database manager without authentication. This allows unauthorized actors to delete and download the entire...

EUVD-2024-23120

MyNET up to v26.05 was discovered to contain a reflected cross-site scripting XSS vulnerability via the src parameter...

EUVD-2024-23122

MyNET up to v26.05 was discovered to contain a reflected cross-site scripting XSS vulnerability via the msg parameter...

CVE-2024-25812

CVE-2024-25812 applies to MyNET up to v26.05 and is a reflected cross-site scripting (XSS) vulnerability exploitable via the src parameter. Affected software is MyNET v26.05 and earlier. The CVSSv3.1 base score is 6.1 (MEDIUM) with network attack vector, low confidentiality/integrity impact, and ...

CVE-2024-25812

MyNET up to v26.05 was discovered to contain a reflected cross-site scripting XSS vulnerability via the src parameter...

CVE-2024-25814

MyNET up to v26.05 was discovered to contain a reflected cross-site scripting XSS vulnerability via the msg parameter...