Secure your products with top-tier expert knowledge and advanced Penetration Testing (CREST Approved)

Let's collaborate to build and maintain secure products

We transform threats into trust by integrating advanced tech and expertise in product security. Our approach encompasses Security by Design, rigorous security assurance and penetration testing, and compliance through expert documentation, from design to post-market.

We offer CREST-approved pen testing in EMEA, upholding top security standards.Cyber Legion - CREST Approved

Kimai is a web-based multi-user time-tracking application. Versions 2.1.0 and prior are vulnerable to a Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the software’s PDF and HTML rendering functionalities. As of time of publication, no patches or known workarounds are available. (CVSS:7.2) (EPSS:0.05%) (Last Update:2023-11-08 23:39:37)   Latest security vulnerabilities (Execute Code) (CVSS score >= 6) – Deprecated! See channel description 


More To Explore