Lucene search
K

145 matches found

EUVD
EUVD
added 2026/02/25 2:48 a.m.13 views

EUVD-2026-8602

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom batch codes, the InvenTree server makes use of a customizable jinja2 template, which can be modified b...

5.9CVSS6AI score0.00259EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/25 2:48 a.m.4 views

CVE-2026-27629 InvenTree Vulnerable to Server Side Template Injection (SSTI)

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom batch codes, the InvenTree server makes use of a customizable jinja2 template, which can be modified b...

5.9CVSS6AI score0.00259EPSS
Exploits0References1
OSV
OSV
added 2026/02/25 2:48 a.m.8 views

CVE-2026-27629 InvenTree Vulnerable to Server Side Template Injection (SSTI)

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom batch codes, the InvenTree server makes use of a customizable jinja2 template, which can be modified b...

5.9CVSS6.1AI score0.00259EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/25 2:48 a.m.29 views

CVE-2026-27629 InvenTree Vulnerable to Server Side Template Injection (SSTI)

InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom batch codes, the InvenTree server makes use of a customizable jinja2 template, which can be modified b...

5.9CVSS0.00259EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.11 views

PT-2026-21846

Name of the Vulnerable Software and Affected Versions InvenTree versions prior to 1.2.3 Description InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom...

8.8CVSS6.1AI score0.00259EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.11 views

InvenTree 安全漏洞

InvenTree is an open-source inventory management system developed by InvenTree. It provides robust low-level inventory control and parts tracking capabilities. Versions of InvenTree prior to 1.2.3 contained security vulnerabilities, which were caused by insecure server-side templates. These...

8.8CVSS5.9AI score0.00259EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-16786

Malicious code in bioql PyPI...

3.5CVSS6.5AI score0.00281EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-42543

Malicious code in bioql PyPI...

7.3CVSS6.6AI score0.00298EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-6042

Malicious code in bioql PyPI...

9CVSS9AI score0.01168EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-34399

Malicious code in bioql PyPI...

8.4CVSS6.5AI score0.00751EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-6715

Malicious code in bioql PyPI...

8.2CVSS6.8AI score0.00619EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/06/05 9:18 p.m.13 views

CVE-2025-49000

InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in label-sheet plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a...

3.5CVSS6.5AI score0.00281EPSS
Exploits0References1
NVD
NVD
added 2025/06/03 9:15 p.m.18 views

CVE-2025-49000

InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in label-sheet plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a...

5.7CVSS0.00281EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/06/03 8:54 p.m.19 views

CVE-2025-49000 InvenTree has uncontrolled memory allocation via built-in label-sheet plugin

InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in label-sheet plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a...

3.5CVSS0.00281EPSS
Exploits0References3
CVE
CVE
added 2025/06/03 8:54 p.m.64 views

CVE-2025-49000

InvenTree (before v0.17.13) has an unbounded skip field in the built-in label-sheet plugin. An authenticated label-printing user can trigger a denial-of-service via memory exhaustion by supplying a large value, as described in CVE-2025-49000. The issue is fixed in v0.17.13 and higher. No workarou...

5.7CVSS6.7AI score0.00281EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/06/03 8:54 p.m.10 views

CVE-2025-49000 InvenTree has uncontrolled memory allocation via built-in label-sheet plugin

InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in label-sheet plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a...

3.5CVSS6.6AI score0.00281EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/06/03 8:54 p.m.14 views

CVE-2025-49000 InvenTree has uncontrolled memory allocation via built-in label-sheet plugin

InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in label-sheet plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a...

3.5CVSS3.7AI score0.00281EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/06/03 12:0 a.m.7 views

PT-2025-23674

Name of the Vulnerable Software and Affected Versions InvenTree versions prior to 0.17.13 Description The issue affects the built-in label-sheet plugin, where the skip field lacks an upper bound. This allows any authenticated label-printing user to trigger a denial-of-service via memory exhaustio...

5.7CVSS6.5AI score0.00281EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/06/03 12:0 a.m.6 views

InvenTree 安全漏洞

InvenTree is an open source inventory management system from InvenTree Open Source. It provides powerful low-level inventory control and parts tracking. A security vulnerability exists in InvenTree versions prior to 0.17.13, which stems from an uncapped skip field in the built-in label-sheet...

5.7CVSS6.4AI score0.00281EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/06 12:48 a.m.7 views

CVE-2022-3355

Cross-site Scripting XSS - Stored in GitHub repository inventree/inventree prior to 0.8.3...

8.2CVSS5.8AI score0.00619EPSS
Exploits1References1
Rows per page
Query Builder