pkg:Packagist/kimai/kimai

13 CVEs in total: CRITICAL 2, HIGH 1, MEDIUM 8, LOW 2

All known vulnerabilities

  • CRITICAL 9.8, CVE-2023-53957: Kimai contains a SameSite cookie vulnerability
    from 0, <= 1.30.10
  • CRITICAL 9.6, CVE-2020-19825: Cross-site Scripting in kimai/kimai
    from 0, < 1.1
  • HIGH 7.2, CVE-2023-46245: Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File
    from 0, < 2.1.0
  • MEDIUM 6.8, CVE-2026-23626: Kimai has an Authenticated Server-Side Template Injection (SSTI)
    from 0, < 2.46.0
  • MEDIUM 6.8, CVE-2024-29200: Kimai API returns timesheet entries a user should not be authorized to view
    from 0, < 2.13.0
  • MEDIUM 6.5, CVE-2026-28685: Kimai's API invoice endpoint missing customer-level access control (IDOR)
    from 0, < 2.51.0
  • MEDIUM 6.4, CVE-2019-25317: Kimai 2 vulnerable to persistent cross-site scripting in the timesheet descriptions
    from 0, < 1.1
  • MEDIUM 5.7, CVE-2026-42267: Kimai vulnerable to formula Injection via tag names in XLSX export
    >= 2.27.0, < 2.54.0
  • MEDIUM 5.4, CVE-2026-40479: Kimai has Stored XSS via Incomplete HTML Attribute Escaping in Team Member Widget
    from 0, < 2.53.0
  • MEDIUM 4.3, CVE-2026-40486: Kimai's User Preferences API allows standard users to modify restricted attributes: hourly_rate, internal_rate
    from 0, < 2.53.0
  • MEDIUM 4.1, CVE-2026-44298: Kimai has an arbitrary file read in its invoice PDF renderer (admin)
    >= 2.32.0, < 2.56
  • LOW 3.7, CVE-2024-4596: Kimai information disclosure vulnerability
    from 0, < 2.16.0
  • LOW 3.3, CVE-2026-41498: Kimai has Missing Object-Level Authorization in the Team API
    from 0, < 2.54.0