Trytond
by Tryton
CVEs (6)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-0861 | Med | 0.28 | 4.3 | 0.00 | | Apr 13, 2016 | model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records. |
| CVE-2025-66424 | | 0.00 | — | 0.00 | | Nov 30, 2025 | Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70. |
| CVE-2025-66422 | | 0.00 | — | 0.00 | | Nov 30, 2025 | Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70. |
| CVE-2025-66423 | | 0.00 | — | 0.00 | | Nov 30, 2025 | Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70. |
| CVE-2012-2238 | | 0.00 | — | 0.00 | | Nov 21, 2019 | trytond 2.4: ModelView.button fails to validate authorization |
| CVE-2012-0215 | | 0.00 | — | 0.01 | | Jul 12, 2012 | model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) copy rpc call. |