Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, a non-staff authenticated user can elevate their account to a staff level via a POST request against their user accou
InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, any users who have staff access permissions can install plugins via the API, without requiring "superuser" account ac
InvenTree is an Open Source Inventory Management System. From 0.16.0 to before 1.2.7, any authenticated InvenTree user can create a valid API token attributed to any other user in the system — includi
InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, when INVENTREE_DOWNLOAD_FROM_URL is enabled (opt-in), authenticated users can supply remote_image URLs that are fetch
InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom batch
InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in `label-sheet` plugin lacks an upper bound, so a large value forces the server to alloc
CVE-2026-35477
CRITICAL CVSS 9.9
Find Similar
InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PART_NAME_FORMAT validator to use jinja2.sandbox.SandboxedEnvironment. However, th
InvenTree is an Open Source Inventory Management System. Prior to version 1.2.6, certain API endpoints associated with bulk data operations can be hijacked to exfiltrate sensitive information from the
InvenTree is an Open Source Inventory Management System. In affected versions of InvenTree it is possible for a registered user to store javascript in markdown notes fields, which are then displayed t
A vulnerability was found in OSWAPP Warehouse Inventory System 1.0/2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /change_password.php
Missing Authorization vulnerability in AWESOME TOGI Product Category Tree allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Category Tree: from n/a thr
A vulnerability was detected in Devs Palace ERP Online up to 4.0.0. This affects an unknown function of the file /inventory/customer-save. The manipulation results in cross site scripting. The attack
Admidio is an open-source user management solution. Prior to version 5.0.8, the inventory module's item_save endpoint accepts a user-controllable POST parameter imported that, when set to true, comple
A security flaw has been discovered in Devs Palace ERP Online up to 4.0.0. Affected by this issue is some unknown functionality of the file /inventory/sales_save. The manipulation results in cross sit
A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is the function copy of the file /app/Jobs/Util/Import.php of the component Migration Import. The manipul
A flaw has been found in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /inventory/item-save. This manipulation causes cross site scripting. The attack is possible to
A security flaw has been discovered in erponline.xyz ERP Online up to 4.0.0. This vulnerability affects unknown code of the component Inventory Edit Item Page. The manipulation of the argument Item Na
A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. The impacted element is an unknown function of the file /inventory/supplier-save. The manipulation leads to cross site
A security vulnerability has been detected in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the component SVC Report Export. Such manipulation leads to
Stocky POS with Inventory Management & HRM (ui-lib) version 5.0 is affected by a Stored Cross-Site Scripting (XSS) vulnerability within the Products module available to authenticated users. The vulner
Page 1+ Next →