10 matches found

RedhatCVE
added 2025/11/29 1:1 a.m., 4 views

CVE-2025-66370

Kivitendo before 3.9.2 allows XXE injection. By uploading an electronic invoice in the ZUGFeRD format, it is possible to read and exfiltrate files from the server's filesystem...

5 CVSS, 6.8 AI score, 0.00043 EPSS
Exploits 0, References 1
NVD
added 2025/11/28 4:16 a.m., 3 views

CVE-2025-66370

Kivitendo before 3.9.2 allows XXE injection. By uploading an electronic invoice in the ZUGFeRD format, it is possible to read and exfiltrate files from the server's filesystem...

5 CVSS, 0.00043 EPSS
Exploits 0, References 5
OSV
added 2025/11/28 4:16 a.m., 2 views

CVE-2025-66370

Kivitendo before 3.9.2 allows XXE injection. By uploading an electronic invoice in the ZUGFeRD format, it is possible to read and exfiltrate files from the server's filesystem...

5 CVSS, 6.8 AI score
Exploits 0, References 5
CVE
added 2025/11/28 12:0 a.m., 8 views

CVE-2025-66370

Kivitendo is vulnerable to an XML External Entity (XXE) injection in versions prior to 3.9.2. An attacker can upload a ZUGFeRD electronic invoice to read and exfiltrate files from the server filesystem. Root cause: improper XML parser handling of external entities. Affected product: Kivitendo ERP...

5 CVSS, 6.5 AI score, 0.00043 EPSS
Exploits 0, References 5
Vulnrichment
added 2025/11/28 12:0 a.m., 2 views

CVE-2025-66370

Kivitendo before 3.9.2 allows XXE injection. By uploading an electronic invoice in the ZUGFeRD format, it is possible to read and exfiltrate files from the server's filesystem...

5 CVSS, 6.5 AI score, 0.00043 EPSS
Exploits 0, References 5
EUVD
added 2025/11/28 12:0 a.m., 3 views

EUVD-2025-199851

Kivitendo before 3.9.2 allows XXE injection. By uploading an electronic invoice in the ZUGFeRD format, it is possible to read and exfiltrate files from the server's filesystem...

5 CVSS, 6.3 AI score, 0.00043 EPSS
Exploits 0, References 5
Cvelist
added 2025/11/28 12:0 a.m., 4 views

CVE-2025-66370

Kivitendo before 3.9.2 allows XXE injection. By uploading an electronic invoice in the ZUGFeRD format, it is possible to read and exfiltrate files from the server's filesystem...

5 CVSS, 0.00043 EPSS
Exploits 0, References 5
CNNVD
added 2025/11/28 12:0 a.m., 1 views

kivitendo-erp code issue vulnerability

kivitendo-erp is a kivitendo open source enterprise resource planning system. A code issue vulnerability exists in kivitendo-erp versions prior to 3.9.2, which stems from an XXE injection attack that may result when uploading electronic invoices in ZUGFeRD format...

5 CVSS, 7.1 AI score, 0.00043 EPSS
Exploits 0, References 5
Positive Technologies
added 2025/11/28 12:0 a.m., 2 views

PT-2025-48312

Name of the Vulnerable Software and Affected Versions: Kivitendo versions prior to 3.9.2. Description: Kivitendo is susceptible to an XML External Entity (XXE) injection. An attacker can exploit this by uploading an electronic invoice in the ZUGFeRD format, potentially allowing them to read and...

5 CVSS, 7.6 AI score, 0.00043 EPSS
Exploits 0, References 9
Openbugbounty
added 2022/11/30 3:37 p.m., 11 views

zugferd-community.net Cross Site Scripting vulnerability OBB-3080420

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits 0