Lucene search

7 matches found

EUVD
added 2026/05/09 9:32 p.m. · 8 views

EUVD-2026-28921

A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing a manipulation can lead to server-side request forgery. The attack may be launched remotely. The exploit has been made...

CVSS 6.5 · AI score 5.5 · EPSS 0.00038
Exploits: 0 · References: 5
NVD
added 2026/05/09 7:16 p.m. · 10 views

CVE-2026-8193

A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing a manipulation can lead to server-side request forgery. The attack may be launched remotely. The exploit has been made...

CVSS 6.5 · EPSS 0.00038
Exploits: 0 · References: 4
NVD
added 2026/05/08 4:16 a.m. · 8 views

CVE-2026-44298

Kimai is an open-source time tracking application. From version 2.32.0 to before version 2.56.0, users with the role System-Admin ROLESYSTEADMIN and the permission uploadinvoicetemplate can upload PDF invoice templates, which can call pdfContext.setOption'associatedfiles', ... inside the sandboxe...

CVSS 4.9 · EPSS 0.00071
Exploits: 0 · References: 2
Vulnrichment
added 2026/03/31 8:16 p.m. · 1 view

CVE-2026-34367 InvoiceShelf: SSRF in Invoice PDF Rendering via Unsanitised HTML in Notes Field

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery (SSRF) vulnerability exists in the Invoice PDF generation module. User-supplied HTML in the invoice Notes field i...

CVSS 7.6 · AI score 5.8 · EPSS 0.0005
Exploits: 1 · References: 2
Cvelist
added 2026/03/31 8:16 p.m. · 22 views

CVE-2026-34367 InvoiceShelf: SSRF in Invoice PDF Rendering via Unsanitised HTML in Notes Field

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery (SSRF) vulnerability exists in the Invoice PDF generation module. User-supplied HTML in the invoice Notes field i...

CVSS 7.6 · EPSS 0.0005
Exploits: 1 · References: 2
GitHub Security Blog
added 2023/10/30 3:40 p.m. · 27 views

Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File

Description: The latest version of Kimai is found to be vulnerable to a critical Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the software's PDF and HTML...

CVSS 7.2 · AI score 8.8 · EPSS 0.02482
Exploits: 1 · References: 4 · Affected Software: 1
Positive Technologies
added 2023/10/30 12:00 a.m. · 2 views

PT-2023-29925 · Kimai · Kimai

Name of the Vulnerable Software and Affected Versions: Kimai versions prior to 2.1.0. Description: Kimai, a web-based multi-user time-tracking application, is vulnerable to a Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a...

CVSS 7.2 · AI score 7.5 · EPSS 0.02482
Exploits: 1 · References: 9