504 matches found
SUSE SLES12 Security Update : samba (SUSE-SU-2026:2073-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2073-1 advisory. This update for samba fixes the following issues - CVE-2026-2340: vfsworm does not block directory modification bsc1261158. - CVE-2026-3238:...
CVE-2026-4408
A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...
CVE-2022-41656
Missing Authorization vulnerability in Bizswoop Account Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Account Manager for WooCommerce: from n/a through 2.1.2...
CVE-2022-41656
Missing Authorization vulnerability in Bizswoop Account Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Account Manager for WooCommerce: from n/a through 2.1.2...
CVE-2022-41656 WordPress Account Manager for WooCommerce plugin <= 2.1.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Bizswoop Account Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Account Manager for WooCommerce: from n/a through 2.1.2...
CVE-2022-41656 WordPress Account Manager for WooCommerce plugin <= 2.1.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Bizswoop Account Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Account Manager for WooCommerce: from n/a through 2.1.2...
EUVD-2022-55994
Missing Authorization vulnerability in Bizswoop Account Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Account Manager for WooCommerce: from n/a through 2.1.2...
PT-2026-44035
Missing Authorization vulnerability in Bizswoop Account Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Account Manager for WooCommerce: from n/a through 2.1.2...
WordPress plugin Account Manager for WooCommerce 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2026-31069
BillaBear all versions prior to Jan 2026 contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf without proper sanitization or identifier quoting. Although...
CVE-2026-31069
BillaBear all versions prior to Jan 2026 contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf without proper sanitization or identifier quoting. Although...
CVE-2026-31069
The CVE-2026-31069 entry concerns BillaBear (versions before Jan 2026) with a SQL Injection in the EventRepository. The root cause is unsafely interpolating user-controlled identifiers (filter names and aggregation property keys) into SQL via sprintf(), while values are parameterized. An authenti...
CVE-2026-31069
BillaBear all versions prior to Jan 2026 contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf without proper sanitization or identifier quoting. Although...
PT-2026-41942
Name of the Vulnerable Software and Affected Versions BillaBear versions prior to Jan 2026 Description An issue exists in the EventRepository where user-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using the sprintf function withou...
billabear 安全漏洞
Billabear is an open-source self-hosted subscription management and billing system developed by Billabear. There is a security vulnerability in Billabear, which stems from the fact that the names of user-controlled metric filters and aggregation properties in the EventRepository are directly...
CVE-2026-31069
BillaBear all versions prior to Jan 2026 contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf without proper sanitization or identifier quoting. Although...
CVE-2026-31069
BillaBear all versions prior to Jan 2026 contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf without proper sanitization or identifier quoting. Although...
EUVD-2026-30946
BillaBear all versions prior to Jan 2026 contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf without proper sanitization or identifier quoting. Although...
CVE-2026-32079 Web Account Manager Information Disclosure Vulnerability
...
CVE-2026-32079 Web Account Manager Information Disclosure Vulnerability
...