Security
Headlines

Headlines Latest CVEs

Headline

GHSA-p3p5-xrmv-4j6x: trytond does not enforce access rights for the route of the HTML editor.

Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.

2 days ago

Skip to content

Navigation Menu

- AI CODE CREATION
  - GitHub CopilotWrite better code with AI
  - GitHub SparkBuild and deploy intelligent apps
  - GitHub ModelsManage and compare prompts
  - MCP RegistryNewIntegrate external tools

View all features

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

GitHub Advisory Database
GitHub Reviewed
CVE-2025-66423

trytond does not enforce access rights for the route of the HTML editor.

High severity GitHub Reviewed Published Nov 30, 2025 to the GitHub Advisory Database • Updated Dec 2, 2025

Package

pip trytond (pip)

Affected versions

>= 7.5.0, < 7.6.11

>= 7.1.0, < 7.4.21

>= 7.0.0, < 7.0.40

>= 6.0.0, < 6.0.70

Patched versions

7.6.11

7.4.21

7.0.40

6.0.70

Description

Published to the GitHub Advisory Database

Nov 30, 2025

ghsa: Latest News

GHSA-69jw-4jj8-fcxm: gokey allows secret recovery from a seed file without the master password

57 minutes ago

GHSA-g2jx-37x6-6438: arcade-mcp-server Has Default Hardcoded Worker Secret That Allows Full Unauthorized Access to All HTTP MCP Worker Endpoints

58 minutes ago

GHSA-8fr4-5q9j-m8gm: vLLM vulnerable to remote code execution via transformers_utils/get_config

1 hour ago

GHSA-9h52-p55h-vw2f: Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default

2 hours ago

GHSA-w48q-cv73-mx4w: Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default

2 hours ago