Lucene search
K

4 matches found

OSV
OSV
added 2026/02/24 8:13 p.m.4 views

GHSA-M2CQ-XJGM-F668 ActualBudget server is Missing Authentication for SimpleFIN and Pluggy AI bank sync endpoints

Summary Missing authentication middleware in the ActualBudget server component allows any unauthenticated user to query the SimpleFIN and Pluggy.ai integration endpoints and read sensitive bank account balance and transaction information. Impact This vulnerability allows an unauthenticated attack...

9.2CVSS5.8AI score0.00395EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/24 2:59 p.m.1 views

CVE-2026-27584 ActualBudget server is Missing Authentication for SimpleFIN and Pluggy AI bank sync endpoints

Actual is a local-first personal finance tool. Prior to version 26.2.1, missing authentication middleware in the ActualBudget server component allows any unauthenticated user to query the SimpleFIN and Pluggy.ai integration endpoints and read sensitive bank account balance and transaction...

9.2CVSS5.9AI score0.00395EPSS
Exploits1References2
CVE
CVE
added 2026/02/24 2:59 p.m.17 views

CVE-2026-27584

ActualBudget Server is affected by CVE-2026-27584 due to missing authentication middleware in the server component, allowing unauthenticated access to SimpleFIN and Pluggy.ai integration endpoints. An attacker can read bank account balances and transaction histories for users configured with thes...

9.2CVSS5.5AI score0.00395EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.9 views

PT-2026-21761

Name of the Vulnerable Software and Affected Versions ActualBudget versions prior to 26.2.1 Description A missing authentication check in the ActualBudget server component allows unauthenticated users to access the SimpleFIN and Pluggy.ai integration endpoints. This allows an attacker to read...

9.2CVSS5.4AI score0.00395EPSS
Exploits1References12
Rows per page
Query Builder