VYPR

time@work

by SystemsWork

CVEs (1)

  • CVE-2025-59920HigFeb 18, 2026
    risk 0.56cvss epss 0.00

    When hours are entered in time@work, version 7.0.5, it performs a query to display the projects assigned to the user. If the query URL is copied and opened in a new browser window, the ‘IDClient’ parameter is vulnerable to a blind authenticated SQL injection. If the request…