Vulnerabilities in kimai
10 results

CVE-2023-46245 | HIGH | Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File | EPSS 1.5%
CVE-2024-29200 | MEDIUM | API returns timesheet entries a user should not be authorized to view | EPSS 0.6%
CVE-2023-53957 | HIGH | Kimai 1.30.10 SameSite Cookie Vulnerability Session Hijacking | EPSS 0.5%
CVE-2026-28685 | MEDIUM | Kimai: API invoice endpoint missing customer-level access control (IDOR) | EPSS 0.4%
CVE-2026-23626 | MEDIUM | Kimai Vulnerable to Authenticated Server-Side Template Injection (SSTI) | EPSS 0.4%
CVE-2026-44298 | MEDIUM | Kimai: Arbitrary file read in invoice PDF renderer (admin) | EPSS 0.3%
CVE-2026-40486 | MEDIUM | Kimai's User Preferences API allows standard users to modify restricted attributes: hourly_rate, internal_rate | EPSS 0.3%
CVE-2026-41498 | LOW | Kimai: Team API Missing Object-Level Authorization | EPSS 0.2%
CVE-2026-42267 | MEDIUM | Kimai: Formula Injection via tag names in XLSX export | EPSS 0.2%
CVE-2026-40479 | MEDIUM | Kimai: Stored XSS via Incomplete HTML Attribute Escaping in Team Member Widget | EPSS 0.2%