204 matches found
EUVD-2026-5360
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including...
CVE-2026-25514
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including...
CVE-2026-25514 FacturaScripts has SQL Injection vulnerability in Autocomplete Actions
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including...
FacturaScripts Security Vulnerability
FacturaScripts is an open-source ERP software developed by Carlos Garcia, a Spanish developer. Versions of FacturaScripts prior to 2025.81 contained security vulnerabilities. These vulnerabilities stemmed from the automatic completion feature, where user-provided parameters were directly...
FacturaScripts Security Vulnerability
FacturaScripts is an open-source ERP software developed by Carlos Garcia, a Spanish developer. Versions of FacturaScripts prior to 2025.81 contained security vulnerabilities. These vulnerabilities stemmed from the use of the sort parameter in the REST API, which was directly concatenated into the...
FacturaScripts has SQL Injection in Autocomplete Actions
Summary FacturaScripts contains a critical SQL Injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including user credentials, configuration settings, and all stored business data. The vulnerability exists in th...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the all function. An attacker can extract sensitive information from the database, including user credentials, configuration settings, and business data by injecting malicious SQL queries through user-controlled...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the sort parameter in API endpoints, which is processed by the getOrderBy function. An attacker can execute arbitrary SQL queries and extract sensitive database information by supplying crafted input to the API while...
FacturaScripts has SQL Injection in API ORDER BY Clause
Summary FacturaScripts contains a critical SQL Injection vulnerability in the REST API that allows authenticated API users to execute arbitrary SQL queries through the sort parameter. The vulnerability exists in the ModelClass::getOrderBy method where user-supplied sorting parameters are directly...
PT-2026-6306
Name of the Vulnerable Software and Affected Versions FacturaScripts versions prior to 2025.81 Description FacturaScripts is enterprise resource planning and accounting software. Versions prior to 2025.81 contain a critical SQL injection issue in the autocomplete functionality. Authenticated...
PT-2026-6462
Summary FacturaScripts contains a critical SQL Injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including user credentials, configuration settings, and all stored business data. The vulnerability exists in th...
PT-2026-6305
Name of the Vulnerable Software and Affected Versions FacturaScripts versions prior to 2025.81 Description FacturaScripts, an open-source enterprise resource planning and accounting software, contains a critical SQL injection issue in its REST API. Authenticated API users can execute arbitrary SQ...
CVE-2026-23476
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to 2025.8, there is a reflected XSS bug in FacturaScripts. The problem is in how error messages get displayed. Twig's | raw filter is used, which skips HTML escaping. When triggering a database error like passi...
CVE-2026-23997
FacturaScripts is open-source enterprise resource planning and accounting software. In 2025.71 and earlier, a Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Observations field. The flaw occurs in the History view, where historical data is rendered without proper HTML entity...
CVE-2026-23476
Summary: CVE-2026-23476 affects FacturaScripts prior to 2025.8, due to a reflected XSS in error messages rendered with Twig’s raw filter. The bug arises when a database error includes user input (e.g., via the code parameter in endpoints like /EditProducto?code=) and the template Core/View/Macro/...
CVE-2026-23476 FacturaScripts Affected by Reflected XSS
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to 2025.8, there is a reflected XSS bug in FacturaScripts. The problem is in how error messages get displayed. Twig's | raw filter is used, which skips HTML escaping. When triggering a database error like passi...
CVE-2026-23997 FacturaScripts has a Stored Cross-Site Scripting (XSS) in "Observations" field via History View
FacturaScripts is open-source enterprise resource planning and accounting software. In 2025.71 and earlier, a Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Observations field. The flaw occurs in the History view, where historical data is rendered without proper HTML entity...
CVE-2026-23997
CVE-2026-23997 is a Stored XSS in FacturaScripts’ Observations field rendered in the History view. The root cause is improper HTML entity encoding when displaying historical data, allowing an attacker to execute arbitrary JavaScript in an admin’s browser. Public docs (GitHub/GHSA advisories, Red ...