NestersoftWorktime

5 matches found

CVE | added 2026/02/19 10:48 a.m. | 18 views

CVE-2025-15560

CVE-2025-15560: An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server “widget” API endpoint to inject SQL queries. If the backend uses Firebird, the attacker can retrieve all data from the database. If the backend uses MSSQL, the attacker can exe...

8.8 CVSS | 6.2 AI score | 0.00251 EPSS

CVE | added 2026/02/19 10:45 a.m. | 17 views

CVE-2025-15559

Summary: CVE-2025-15559 affects NesterSoft WorkTime. An unauthenticated OS command injection in the server API endpoint used to generate/download the WorkTime client (parameter: “guid”) allows execution of arbitrary commands on the WorkTime server with NT AUTHORITY\SYSTEM privileges, potentially ...

9.8 CVSS | 6.1 AI score | 0.00441 EPSS

CVE | added 2026/02/19 10:53 a.m. | 17 views

CVE-2025-15561

CVE-2025-15561 concerns the WorkTime monitoring daemon. An attacker can escalate local privileges to NT AUTHORITY\SYSTEM by placing a malicious WTWatch.exe into C:\ProgramData\wta\ClientExe (writable by Everyone); the daemon then executes it with SYSTEM privileges due to its update behavior. Affe...

7.8 CVSS | 5.6 AI score | 0.00104 EPSS

CVE | added 2026/02/19 10:54 a.m. | 11 views

CVE-2025-15562

CVE-2025-15562 is a reflected cross-site scripting vulnerability affecting NesterSoft WorkTime. The issue occurs at the server API endpoint /report/internet/urls, which reflects user-supplied data into the HTML response without proper encoding or filtering. This can allow an attacker to execute a...

6.1 CVSS | 6 AI score | 0.00156 EPSS

CVE | added 2026/02/19 11:1 a.m. | 11 views

CVE-2025-15563

Technical details about CVE-2025-15563 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.

5.3 CVSS | 5.5 AI score | 0.00257 EPSS