| CVE-2013-4510 | high | — | 7.8 | | | | 13y ago | Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers to write arbitrary files via path separators in the extension of a r… |
| CVE-2012-0215 | medium | — | 5.5 | | | | 14y ago | model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authent… |
| CVE-2016-1241 | medium | 5.3 | 5.3 | | | | 4y ago | Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors. |
| CVE-2017-0360 | medium | 5.3 | 5.3 | | | | 4y ago | file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerabil… |
| CVE-2016-1242 | medium | 4.4 | 4.4 | | | | 10y ago | file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary file… |
| CVE-2015-0861 | medium | 4.3 | 4.3 | | | | 10y ago | model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write… |
| CVE-2025-66424 | unknown | — | — | | | | 6mo ago | Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70. |
| CVE-2025-66422 | unknown | — | — | | | | 6mo ago | trytond allows remote attackers to obtain sensitive trace-back (server setup) information |
| CVE-2025-66423 | unknown | — | — | | | | 6mo ago | trytond does not enforce access rights for the route of the HTML editor. |
| CVE-2014-6633 | unknown | — | — | | | | 4y ago | The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary … |
| CVE-2012-2238 | unknown | — | — | | | | 4y ago | trytond 2.4: ModelView.button fails to validate authorization |
| CVE-2022-26662 | unknown | — | — | | | | 4y ago | An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (… |
| CVE-2022-26661 | unknown | — | — | | | | 4y ago | An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (pr… |
| CVE-2019-10868 | unknown | — | — | | | | 7y ago | In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated user can order records based on a field f… |