Package impact
COMPOSER / kimai/kimai
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42267 | medium | 5.7 | 5.7 | | | | 29d ago | Kimai vulnerable to formula Injection via tag names in XLSX export |
| CVE-2026-28685 | medium | — | 5.5 | | | | 3mo ago | Kimai's API invoice endpoint missing customer-level access control (IDOR) |
| CVE-2026-44298 | medium | 4.9 | 4.9 | | | | 26d ago | Kimai has an arbitrary file read in its invoice PDF renderer (admin) |