bookgy CVE Vulnerabilities & Metrics

Focus on bookgy vulnerabilities and metrics.

Last updated: 25 Nov 2025, 23:25 UTC

About bookgy Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with bookgy. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total bookgy CVEs: 5
Earliest CVE date: 29 Apr 2025, 16:15 UTC
Latest CVE date: 29 Apr 2025, 16:15 UTC

Latest CVE reference: CVE-2025-40619

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 5

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical bookgy CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.0

Max CVSS: 0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 5
4.0-6.9 0
7.0-8.9 0
9.0-10.0 0

CVSS Distribution Chart

Top 5 Highest CVSS bookgy CVEs

These are the five CVEs with the highest CVSS scores for bookgy, sorted by severity first and recency.

All CVEs for bookgy

CVE-2025-40619 bookgy vulnerability CVSS: 0 29 Apr 2025, 16:15 UTC

Bookgy does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authentication, to reach private areas and/or areas intended for other roles.

CVE-2025-40618 bookgy vulnerability CVSS: 0 29 Apr 2025, 16:15 UTC

SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDRESERVA"  parameter in /bkg_imprimir_comprobante.php

CVE-2025-40617 bookgy vulnerability CVSS: 0 29 Apr 2025, 16:15 UTC

SQL injection vulnerability in Bookgy. This vulnerability could allow an attacker to retrieve, create, update and delete databases by sending an HTTP request through the "IDTIPO", "IDPISTA" and "IDSOCIO" parameters in /bkg_seleccionar_hora_ajax.php.

CVE-2025-40616 bookgy vulnerability CVSS: 0 29 Apr 2025, 16:15 UTC

Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "IDRESERVA" parameter in /bkg_imprimir_comprobante.php.

CVE-2025-40615 bookgy vulnerability CVSS: 0 29 Apr 2025, 16:15 UTC

Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "TEXTO" parameter in /api/api_ajustes.php.