Product
NesterSoft WorkTime
5 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-15563
CVE-2025-15562
CVE-2025-15561
CVE-2025-15560
CVE-2025-15559
<= 11.8.8
Any unauthenticated user can reset the WorkTime on-prem database configuration by sending a specific HTTP request to the WorkTime
<= 11.8.8
The server API endpoint /report/internet/urls reflects received data into the HTML response without applying proper encoding or f
<= 11.8.8
An attacker can exploit the update behavior of the WorkTime monitoring daemon to elevate privileges on the local system to NT Auth
<= 11.8.8
An authenticated attacker with minimal permissions can exploit a SQL injection in the WorkTime server "widget" API endpoint to inj
<= 11.8.8
An unauthenticated attacker can inject OS commands when calling a server API endpoint in NesterSoft WorkTime. The server API call