Browse all 10 CVE security advisories affecting kimai. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Kimai is an open-source time-tracking application designed for businesses to monitor employee working hours and project costs. Historically, it has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation flaws. The application's web interface has frequently contained input validation weaknesses allowing attackers to execute unauthorized commands or steal session data. While no major public incidents have been widely documented, the seven recorded CVEs highlight consistent security concerns in areas like authentication, access control, and data sanitization. Its modular architecture, while flexible, introduces potential attack surfaces through plugins and extensions that may not undergo rigorous security review.
CVE-2025-414982026-05-08CVE-2026-42572026-05-08CVE-2025-442982026-05-08CVE-2026-404862026-04-18CVE-2026-236262026-01-20Showing up to 20 recent security advisories. View all →
This page lists every published CVE security advisory associated with kimai. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.