Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.13 views

CVE-2026-44298

Kimai is an open-source time tracking application. From version 2.32.0 to before version 2.56.0, users with the role System-Admin ROLESYSTEADMIN and the permission uploadinvoicetemplate can upload PDF invoice templates, which can call pdfContext.setOption'associatedfiles', ... inside the sandboxe...

4.9CVSS5.4AI score0.00278EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/08 10:22 p.m.13 views

EUVD-2026-28517

Kimai has an arbitrary file read in its invoice PDF renderer admin...

4.9CVSS5.9AI score0.00278EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.9 views

kimai 路径遍历漏洞

Kimai is a web-based, multi-user time tracking application developed by Kimai’s individual developers. Versions of Kimai from 2.32.0 to 2.56.0 contained a path traversal vulnerability. This vulnerability occurred when system administrator users with the “uploadinvoicetemplate” permission uploaded...

4.9CVSS5.9AI score0.00278EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/14 1:6 a.m.6 views

Incomplete List of Disallowed Inputs

Overview Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the getApiToken method when rendering invoice templates via the Twig sandbox environment. An attacker can access hashed API tokens of users by embedding calls to this method in a custom invoice...

2CVSS5.7AI score
Exploits0References2
CNVD
CNVD
added 2025/11/18 12:0 a.m.3 views

WordPress WooCommerce PDF Invoice Builder plugin missing license vulnerability

WordPress WooCommerce PDF Invoice Builder plugin is designed for WooCommerce e-commerce platform invoice and packing slip generation tool, support customized templates, multi-language, conditional generation and other features, to help merchants create professional documents in line with the bran...

4.3CVSS6.8AI score0.00172EPSS
Exploits0References1
OSV
OSV
added 2021/11/23 6:16 p.m.18 views

GHSA-GF2C-93HM-R9J5 Cross-site Scripting in kimai2

kimai2 is vulnerable to Cross-Site Request Forgery CSRF in deleting invoice templates. This vulnerability is capable of tricking admin user to delete invoice templates...

4.3CVSS4.5AI score0.00382EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2021/11/23 6:16 p.m.32 views

Cross-site Scripting in kimai2

kimai2 is vulnerable to Cross-Site Request Forgery CSRF in deleting invoice templates. This vulnerability is capable of tricking admin user to delete invoice templates...

4.3CVSS5AI score0.00382EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2021/11/22 7:57 a.m.15 views

Cross-Site Request Forgery (CSRF)

kevinpapst/kimai2 is vulnerable to cross-site request forgery. An attacker can delete invoice templates through the deleteCommentAction function in CustomerController.php...

4.3CVSS4.3AI score0.00382EPSS
Exploits1References4Affected Software1
Huntr
Huntr
added 2021/11/15 7:43 a.m.13 views

Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2

Description CSRF in deleting invoice templates Proof of Concept CLICK ME! Impact This vulnerability is capable of tricking admin user to delete invoice templates...

4.3CVSS0.9AI score0.00382EPSS
Exploits1
Rows per page
Query Builder