7 matches found
GHSA-M2CQ-XJGM-F668 ActualBudget server is Missing Authentication for SimpleFIN and Pluggy AI bank sync endpoints
Summary Missing authentication middleware in the ActualBudget server component allows any unauthenticated user to query the SimpleFIN and Pluggy.ai integration endpoints and read sensitive bank account balance and transaction information. Impact This vulnerability allows an unauthenticated attack...
CVE-2026-27584
ActualBudget Server is affected by CVE-2026-27584 due to missing authentication middleware in the server component, allowing unauthenticated access to SimpleFIN and Pluggy.ai integration endpoints. An attacker can read bank account balances and transaction histories for users configured with thes...
CVE-2026-27584 ActualBudget server is Missing Authentication for SimpleFIN and Pluggy AI bank sync endpoints
Actual is a local-first personal finance tool. Prior to version 26.2.1, missing authentication middleware in the ActualBudget server component allows any unauthenticated user to query the SimpleFIN and Pluggy.ai integration endpoints and read sensitive bank account balance and transaction...
CVE-2026-27584 ActualBudget server is Missing Authentication for SimpleFIN and Pluggy AI bank sync endpoints
Actual is a local-first personal finance tool. Prior to version 26.2.1, missing authentication middleware in the ActualBudget server component allows any unauthenticated user to query the SimpleFIN and Pluggy.ai integration endpoints and read sensitive bank account balance and transaction...
PT-2026-21761
Name of the Vulnerable Software and Affected Versions ActualBudget versions prior to 26.2.1 Description A missing authentication check in the ActualBudget server component allows unauthenticated users to access the SimpleFIN and Pluggy.ai integration endpoints. This allows an attacker to read...
Whisper Money security vulnerability
Whisper Money is an open-source personal finance application developed by Whisper Money. Versions of Whisper Money prior to 0.1.5 contained a security vulnerability caused by insecure direct object references, which could allow users to update or create bank account balances for other users...
Unspecified Vulnerability in USAA Mobile Banking Application
USAA Mobile Banking application for Android is a suite of USAA mobile banking applications for the Android platform. A security vulnerability exists in versions of the USAA Mobile Banking application for Android platform prior to 7.10.1, which stems from the program displaying the most recently...