Ezbookkeeping

ezbookkeeping

Vendor: Mayswind • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-65519 1Mayswind 1Ezbookkeeping Feb 20, 2026 Feb 18, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 mayswind ezbookkeeping versions 1.2.0 and earlier contain a critical vulnerability in JSON and XML file import processing. The application fails to validate nesting depth during parsing operations, allowing authenticated...Show more mayswind ezbookkeeping versions 1.2.0 and earlier contain a critical vulnerability in JSON and XML file import processing. The application fails to validate nesting depth during parsing operations, allowing authenticated attackers to trigger denial of service conditions by uploading deeply nested malicious files. This results in CPU exhaustion, service degradation, or complete service unavailability.Show less
CVE-2024-57604 1Mayswind 1Ezbookkeeping Jun 6, 2025 Feb 12, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the token component.
CVE-2024-57603 1Mayswind 1Ezbookkeeping Jun 6, 2025 Feb 12, 2025 N/A· v4 6.3 MEDIUM· v3 N/A· v2 An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the lack of rate limiting.