CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2025/12/02 12:0 a.m.•1 views

Linux Distros Unpatched Vulnerability : CVE-2025-66422

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back server setup information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.7...

4.3CVSS6AI score0.00054EPSS

Tenable Nessus•added 2025/12/02 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2025-66424

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70. CVE-2025-66424 Note that...

6.5CVSS5.9AI score0.00038EPSS

Exploits0References2

RedhatCVE•added 2025/12/01 2:16 p.m.•1 views

CVE-2025-66422

Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back server setup information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70...

4.3CVSS6.7AI score0.00054EPSS

Exploits1References1

RedhatCVE•added 2025/12/01 2:16 p.m.•2 views

CVE-2025-66424

Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70...

6.5CVSS6.8AI score0.00038EPSS

Exploits0References1

Snyk•added 2025/11/30 3:41 a.m.•2 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure through error messages returned by the JSON-RPC API. An attacker can access sensitive trace-back information, including information about the internal network configuration and server setup, by sending malformed...

5.3CVSS6.3AI score0.00054EPSS

vulnersOsv•added 2025/11/30 3:41 a.m.•0 views

trytoncalidae-authentication-dummy (=7.2.0), trytoncalidae-jinja-report (>=7.2.0 <=7.2.1) +211 more potentially affected by CVE-2025-66422 via trytond (=7.2.23)

trytond PYPI version =7.2.23 is affected by a known vulnerability. The following packages have a transitive dependency on trytond and may be impacted: - trytoncalidae-authentication-dummy =7.2.0 - trytoncalidae-jinja-report =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0,...

4.3CVSS5.8AI score0.00054EPSS

vulnersOsv•added 2025/11/30 3:41 a.m.•0 views

akademy-classe (>=1.1.0 <=7.0.0), akademy-classe-evaluation (>=1.3.0 <=7.0.0) +5 more potentially affected by CVE-2025-66422 via trytond (=7.0.0)

trytond PYPI version =7.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on trytond and may be impacted: - akademy-classe =1.1.0, =1.3.0, =1.1.0, =1.1.0, =1.0.0, =1.0.0, =1.1.0, =7.0.0 Source cves: CVE-2025-66422 Source advisory:...

4.3CVSS5.8AI score0.00054EPSS

Snyk•added 2025/11/30 3:39 a.m.•2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the HTML editor route. An attacker can gain unauthorized access to sensitive information and user metadata by sending crafted requests to the affected endpoint. Remediation Upgrade trytond to version 6.0.70,...

7.1CVSS6.5AI score0.00043EPSS

vulnersOsv•added 2025/11/30 3:39 a.m.•0 views

trytoncalidae-authentication-dummy (=7.2.0), trytoncalidae-jinja-report (>=7.2.0 <=7.2.1) +211 more potentially affected by CVE-2025-66423 via trytond (=7.2.23)

7.1CVSS5.8AI score0.00043EPSS

vulnersOsv•added 2025/11/30 3:39 a.m.•0 views

akademy-classe (>=1.1.0 <=7.0.0), akademy-classe-evaluation (>=1.3.0 <=7.0.0) +5 more potentially affected by CVE-2025-66424 via trytond (=7.0.0)

Snyk•added 2025/11/30 3:39 a.m.•1 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the exportrow function of modelstorage.py. An attacker can access sensitive information by exporting data without proper access rights. Remediation Upgrade trytond to version 6.0.70, 7.0.40, 7.4.21, 7.6.11 or...

7.1CVSS6.6AI score0.00038EPSS

Exploits0References2

vulnersOsv•added 2025/11/30 3:39 a.m.•1 views

akademy-classe (>=1.1.0 <=7.0.0), akademy-classe-evaluation (>=1.3.0 <=7.0.0) +5 more potentially affected by CVE-2025-66423 via trytond (=7.0.0)

7.1CVSS5.8AI score0.00043EPSS

vulnersOsv•added 2025/11/30 3:39 a.m.•1 views

trytoncalidae-authentication-dummy (=7.2.0), trytoncalidae-jinja-report (>=7.2.0 <=7.2.1) +211 more potentially affected by CVE-2025-66424 via trytond (=7.2.23)

vulnersOsv•added 2025/11/30 3:30 a.m.•1 views

akademy-classe (>=1.1.0 <=7.0.0), akademy-classe-evaluation (>=1.3.0 <=7.0.0) +5 more potentially affected by CVE-2025-66424 via trytond (=7.0.0)

Github Security Blog•added 2025/11/30 3:30 a.m.•9 views

trytond does not enforce access rights for data export

Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70...

6.5CVSS6.9AI score0.00038EPSS

Exploits0References4Affected Software1

vulnersOsv•added 2025/11/30 3:30 a.m.•1 views

trytoncalidae-authentication-dummy (=7.2.0), trytoncalidae-jinja-report (>=7.2.0 <=7.2.1) +211 more potentially affected by CVE-2025-66424 via trytond (=7.2.23)