VYPR
Vendor

Kivitendo

Products
1
CVEs
1
Across products
1
Status
Private

Products

1

Recent CVEs

1
  • CVE-2025-66370MedNov 28, 2025
    risk 0.33cvss 5.0epss 0.00

    Kivitendo before 3.9.2 allows XXE injection. By uploading an electronic invoice in the ZUGFeRD format, it is possible to read and exfiltrate files from the server's filesystem.