Known Vulnerabilities for Kimai by Kimai
Listed below are 3 of the newest known vulnerabilities associated with "Kimai" by "Kimai".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-40486 json | Kimai is an open-source time tracking application. In versions 2.52.0 and below, the User Preferences API endpoint (PATCH /ap... | Not Provided | 2026-04-17 | 2026-04-17 |
| CVE-2026-40479 json | Kimai is an open-source time tracking application. In versions 1.16.3 through 2.52.0, the escapeForHtml() function in KimaiEs... | Not Provided | 2026-04-17 | 2026-04-17 |
| CVE-2023-46245 json | Kimai is a web-based multi-user time-tracking application. Versions 2.1.0 and prior are vulnerable to a Server-Side Template ... | 7.2 - HIGH | 2023-10-31 | 2023-11-08 |
| CVE-2021-43515 json | CSV Injection (aka Excel Macro Injection or Formula Injection) exists in creating new timesheet in Kimai. By filling the Desc... | 7.8 - HIGH | 2022-04-08 | 2022-04-14 |
| CVE-2020-19825 json | Cross Site Scripting (XSS) vulnerability in kevinpapst kimai2 1.30.0 in /src/Twig/Runtime/MarkdownExtension.php, allows attac... | 9.6 - CRITICAL | 2023-02-15 | 2023-02-23 |