CVE-2026-28685 | Kimai up to 2.50.x /api/invoices/ improper authorization (GHSA-v33r-r6h2-8wr7)

Inserito da Angelo Barbosa | Mar 6, 2026 | CVE

A vulnerability described as critical has been identified in Kimai up to 2.50.x. The impacted element is an unknown function of the file /api/invoices/. Executing a manipulation can lead to improper authorization.

This vulnerability is tracked as CVE-2026-28685. The attack can be launched remotely. No exploit exists.

Upgrading the affected component is recommended.

CVE-2026-28685 | Kimai up to 2.50.x /api/invoices/ improper authorization (GHSA-v33r-r6h2-8wr7)

Post correlati

CVE-2024-11188 | Formidable Forms Plugin up to 6.16.1.2 on WordPress cross site scripting

CVE-2025-37926 | Linux Kernel up to 6.12.27/6.14.5/6.15-rc4 ksmbd_session_rpc_open use after free

CVE-2024-13187 | Kingsoft WPS Office 6.14.0 on macOS TCC code injection

CVE-2024-47586 | SAP NetWeaver Application Server for ABAP and ABAP Platform HTTP Request null pointer dereference