145 matches found
EUVD-2026-8602
InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom batch codes, the InvenTree server makes use of a customizable jinja2 template, which can be modified b...
CVE-2026-27629 InvenTree Vulnerable to Server Side Template Injection (SSTI)
InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom batch codes, the InvenTree server makes use of a customizable jinja2 template, which can be modified b...
CVE-2026-27629 InvenTree Vulnerable to Server Side Template Injection (SSTI)
InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom batch codes, the InvenTree server makes use of a customizable jinja2 template, which can be modified b...
CVE-2026-27629 InvenTree Vulnerable to Server Side Template Injection (SSTI)
InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom batch codes, the InvenTree server makes use of a customizable jinja2 template, which can be modified b...
PT-2026-21846
Name of the Vulnerable Software and Affected Versions InvenTree versions prior to 1.2.3 Description InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom...
InvenTree 安全漏洞
InvenTree is an open-source inventory management system developed by InvenTree. It provides robust low-level inventory control and parts tracking capabilities. Versions of InvenTree prior to 1.2.3 contained security vulnerabilities, which were caused by insecure server-side templates. These...
EUVD-2025-16786
Malicious code in bioql PyPI...
EUVD-2024-42543
Malicious code in bioql PyPI...
EUVD-2022-6042
Malicious code in bioql PyPI...
EUVD-2022-34399
Malicious code in bioql PyPI...
EUVD-2022-6715
Malicious code in bioql PyPI...
CVE-2025-49000
InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in label-sheet plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a...
CVE-2025-49000
InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in label-sheet plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a...
CVE-2025-49000 InvenTree has uncontrolled memory allocation via built-in label-sheet plugin
InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in label-sheet plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a...
CVE-2025-49000
InvenTree (before v0.17.13) has an unbounded skip field in the built-in label-sheet plugin. An authenticated label-printing user can trigger a denial-of-service via memory exhaustion by supplying a large value, as described in CVE-2025-49000. The issue is fixed in v0.17.13 and higher. No workarou...
CVE-2025-49000 InvenTree has uncontrolled memory allocation via built-in label-sheet plugin
InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in label-sheet plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a...
CVE-2025-49000 InvenTree has uncontrolled memory allocation via built-in label-sheet plugin
InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in label-sheet plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a...
PT-2025-23674
Name of the Vulnerable Software and Affected Versions InvenTree versions prior to 0.17.13 Description The issue affects the built-in label-sheet plugin, where the skip field lacks an upper bound. This allows any authenticated label-printing user to trigger a denial-of-service via memory exhaustio...
InvenTree 安全漏洞
InvenTree is an open source inventory management system from InvenTree Open Source. It provides powerful low-level inventory control and parts tracking. A security vulnerability exists in InvenTree versions prior to 0.17.13, which stems from an uncapped skip field in the built-in label-sheet...
CVE-2022-3355
Cross-site Scripting XSS - Stored in GitHub repository inventree/inventree prior to 0.8.3...