Lucene search
K

695 matches found

Nuclei
Nuclei
added 7 hours ago148 views

Odoo <= 8.0-20160726 & 9.0 - Open Redirect

An Open Redirect vulnerability in Odoo versions = 8.0-20160726 and 9.0. This issue allows an attacker to redirect users to untrusted sites via a crafted URL. id: CVE-2017-5871 info: name: Odoo = 8.0-20160726 & 9.0 - Open Redirect author: 1337rokudenashi severity: medium description: | An Open...

5.8CVSS6.2AI score0.02676EPSS
Exploits1References2
Nuclei
Nuclei
added 7 hours ago144 views

Odoo 8.0/9.0/10.0 - Local File Inclusion

Odoo 8.0, 9.0, and 10.0 are susceptible to local file inclusion via tools.fileopen. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2017-9416 info: name: Odoo 8.0/9.0/10.0 -...

6.5CVSS6.8AI score0.05651EPSS
Exploits0References2
Nuclei
Nuclei
added 7 hours ago30 views

Odoo <= 15.0 - Cross-Site Scripting

A cross-site scripting XSS vulnerability in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote attackers to inject arbitrary web scripts into the browser of a victim via a crafted link. This issue could lead to the execution of malicious scripts in the context of t...

6.5CVSS6.8AI score0.0141EPSS
Exploits0References3
Nuclei
Nuclei
added 7 hours ago24 views

Odoo Apps - Cross-Site Scripting via Prototype Pollution

jquery-bbq 1.2.1 contains a prototype pollution caused by improperly controlled modification of object prototype attributes, letting malicious users inject properties into Object.prototype, exploit requires malicious user interaction. id: CVE-2021-20086 info: name: Odoo Apps - Cross-Site Scriptin...

8.8CVSS7AI score0.06104EPSS
Exploits1References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 4:16 p.m.15 views

Malicious code in odoo-addon-spp-base (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6e43f21a6bdcbb6cfa1837833232c9888fb8012bd2ebae8607a6d08eaee9f06 No suspicious behaviors were observed in this package. There are no install-time or import-time network calls, no credential or filesystem access...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/06/08 4:16 p.m.10 views

MAL-2026-5367 Malicious code in odoo-addon-spp-base (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6e43f21a6bdcbb6cfa1837833232c9888fb8012bd2ebae8607a6d08eaee9f06 No suspicious behaviors were observed in this package. There are no install-time or import-time network calls, no credential or filesystem access...

6.1AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.12 views

CVE-2026-8425

The Notify Odoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the updateSettings function. This makes it possible for unauthenticated attackers to change the Notify Odoo URL to ...

4.3CVSS5.4AI score0.00135EPSS
Exploits0References1
NVD
NVD
added 2026/05/15 9:16 a.m.42 views

CVE-2026-8425

The Notify Odoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the updateSettings function. This makes it possible for unauthenticated attackers to change the Notify Odoo URL to ...

4.3CVSS0.00135EPSS
Exploits0References8
CVE
CVE
added 2026/05/15 7:46 a.m.28 views

CVE-2026-8425

CVE-2026-8425 describes a Cross-Site Request Forgery in the WordPress Notify Odoo plugin (versions ≤ 1.0.1). The root cause is missing or incorrect nonce validation on the _updateSettings function, enabling unauthenticated attackers to alter the Notify Odoo URL and related settings (notification,...

4.3CVSS5.7AI score0.00135EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/15 7:46 a.m.11 views

CVE-2026-8425

The Notify Odoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the updateSettings function. This makes it possible for unauthenticated attackers to change the Notify Odoo URL to ...

4.3CVSS5.7AI score0.00135EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/05/15 7:46 a.m.11 views

CVE-2026-8425 Notify Odoo <= 1.0.1 - Cross-Site Request Forgery to Settings Update

The Notify Odoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the updateSettings function. This makes it possible for unauthenticated attackers to change the Notify Odoo URL to ...

4.3CVSS5.7AI score0.00135EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/15 7:46 a.m.29 views

EUVD-2026-30520

The Notify Odoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the updateSettings function. This makes it possible for unauthenticated attackers to change the Notify Odoo URL to ...

4.3CVSS5.7AI score0.00135EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/15 7:46 a.m.56 views

CVE-2026-8425 Notify Odoo <= 1.0.1 - Cross-Site Request Forgery to Settings Update

The Notify Odoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the updateSettings function. This makes it possible for unauthenticated attackers to change the Notify Odoo URL to ...

4.3CVSS0.00135EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

WordPress plugin Notify Odoo 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.7AI score0.00135EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.17 views

PT-2026-41280

The Notify Odoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the updateSettings function. This makes it possible for unauthenticated attackers to change the Notify Odoo URL to ...

4.3CVSS5.7AI score0.00135EPSS
Exploits0References9
Patchstack
Patchstack
added 2026/05/14 6:52 p.m.11 views

WordPress Notify Odoo plugin <= 1.0.1 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Legion Hunter in WordPress Plugin Notify Odoo versions = 1.0.1...

4.3CVSS5.8AI score0.00135EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/03/02 12:0 a.m.6 views

The vulnerability of the Odoo Community Edition CRM system and the Odoo Enterprise Edition ERP system, related to lack of access control, allows a intruder to gain unauthorized access to protected information.

The vulnerability of the CRM system Odoo Community Edition and the ERP system Odoo Enterprise Edition is related to deficiencies in access control. Exploiting these vulnerabilities can allow unauthorized individuals to gain unauthorized access to protected information...

8.5CVSS5.8AI score0.0064EPSS
Exploits1References2Affected Software2
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.201 views

Odoo - Cross-Site Scripting

Odoo is a business suite that has features for many business-critical areas, such as e-commerce, billing, or CRM. Versions before the 16.0 release are vulnerable to CVE-2023-1434 and is caused by an incorrect content type being set on an API endpoint. id: CVE-2023-1434 info: name: Odoo - Cross-Si...

6.9AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/04 3:15 a.m.5 views

CVE-2026-25137

The NixOs Odoo package is an open source ERP and CRM system. From 21.11 to before 25.11 and 26.05, every NixOS based Odoo setup publicly exposes the database manager without any authentication. This allows unauthorized actors to delete and download the entire database, including Odoos file store...

9.1CVSS5.3AI score0.09528EPSS
Exploits0References1
NVD
NVD
added 2026/02/02 11:16 p.m.16 views

CVE-2026-25137

The NixOs Odoo package is an open source ERP and CRM system. From 21.11 to before 25.11 and 26.05, every NixOS based Odoo setup publicly exposes the database manager without any authentication. This allows unauthorized actors to delete and download the entire database, including Odoos file store...

9.1CVSS0.09528EPSS
Exploits0References3
Rows per page
Query Builder