17 matches found
EUVD-2025-31737
Malicious code in bioql PyPI...
CVE-2025-52049
In Frappe ErpNext v15.57.5, the function gettimesheetdetailrate at erpnext/projects/doctype/timesheet/timesheet.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query into the timelog parameter...
CVE-2025-52049
In Frappe ErpNext v15.57.5, the function gettimesheetdetailrate at erpnext/projects/doctype/timesheet/timesheet.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query into the timelog parameter...
CVE-2025-52049
In Frappe ErpNext v15.57.5, the function gettimesheetdetailrate at erpnext/projects/doctype/timesheet/timesheet.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query into the timelog parameter...
CVE-2025-52049
In Frappe ErpNext v15.57.5, the function gettimesheetdetailrate at erpnext/projects/doctype/timesheet/timesheet.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query into the timelog parameter...
PT-2025-39991
Name of the Vulnerable Software and Affected Versions Frappe ErpNext version 15.57.5 Description The get timesheet detail rate function located at erpnext/projects/doctype/timesheet/timesheet.py is susceptible to SQL Injection. This allows an attacker to extract information from databases by...
CVE-2025-52049
In Frappe ErpNext v15.57.5, the function gettimesheetdetailrate at erpnext/projects/doctype/timesheet/timesheet.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query into the timelog parameter...
ERPNext 安全漏洞
ERPNext is an open source enterprise resource planning solution from ERPNext India. A security vulnerability exists in ErpNext version v15.57.5, which stems from unvalidated timelog parameters and could lead to SQL injection attacks...
CVE-2025-52049
In Frappe ErpNext v15.57.5, the function get_timesheet_detail_rate() in erpnext/projects/doctype/timesheet/timesheet.py is vulnerable to SQL Injection via the timelog parameter, enabling an attacker to extract data from the database. Affected component: ERPNext/Frappé Timesheet code path. Root ca...
Linux Distros Unpatched Vulnerability : CVE-2017-15570
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/list.html.erb via crafted column data. CVE-2017-15570 Note...
SUSE CVE-2017-15570
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/list.html.erb via crafted column data...
Redmine cross-site scripting vulnerability (CNVD-2017-31958)
Redmine is a set of open source Web-based project management and defect tracking tools . The tool provides project management , issue tracking and role-based access control and other features . A cross-site scripting vulnerability exists in the app/views/timelog/list.html.erb file in Redmine...
CVE-2017-15570
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/list.html.erb via crafted column data...
CVE-2017-15570
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/list.html.erb via crafted column data...
UBUNTU-CVE-2017-15570
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/list.html.erb via crafted column data...
DEBIAN-CVE-2017-15570
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/list.html.erb via crafted column data...
Redmine Information Disclosure Vulnerability
Redmine is a set of open source Web-based project management and defect tracking tools . The tool provides project management , issue tracking and role-based access control and other features . An information acquisition vulnerability exists in the app/views/timelog/form.html.erb file in Redmine....