CVE-2022-26662 — CVSS 7.5 (high): An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and…
CVE-2025-66423 — CVSS 7.1 (high): Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40…
CVE-2025-66424 — CVSS 6.5 (medium): Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.
CVE-2019-10868 — CVSS 6.5 (medium): In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before…
CVE-2022-26661 — CVSS 6.5 (medium): An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through…
CVE-2012-0215 — CVSS 5.5 (medium): model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the…
CVE-2025-66422 — CVSS 4.3 (medium): Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. This is fixed in 7.6.11…
CVE-2015-0861 — CVSS 4.3 (medium): model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote…