EUVD-2026-36547

Actual is an open-source personal finance application. In the macOS desktop application version 25.x built on Electron 39.2.7, the ELECTRONRUNASNODE fuse is not disabled, allowing an attacker who can place a file on disk or control command-line arguments to invoke the signed Actual.app binary wit...

L'Oréal L'Oréal Finance app has unauthorized access vulnerability

L'Oréal Finance app is the news app of L'Oréal Group, which allows users to browse the latest L'Oréal Group financial information in English and French on L'Oréal Finance. An unauthorized access vulnerability exists in the L'Oréal L'Oréal Finance app. An attacker could exploit the vulnerability t...

Shanghai HOLLOW Investment Management Co., Ltd APP - HOLLOW Financial has arbitrary number login vulnerability

HOLLOW FINANCE APP is an investment and financing mobile app. Shanghai HaoLu Investment Management Co. HaoLu Financial APP has an arbitrary number login vulnerability, the vulnerability is due to the program failed to limit the number of times the verification code is sent and the valid time. An...

Stored Cross-Site Scripting Vulnerability in Xiao Zhuge Financial App

Xiao Zhuge Finance APP is a comprehensive Internet financial management platform. Xiao Zhuge Financial APP has a stored cross-site scripting vulnerability, which can be exploited by attackers to insert malicious xxs code and obtain sensitive information such as administrator cookies...

GAzie 5.20 - Cross-Site Request Forgery

GAzie 5.20 - Cross-Site Request Forgery ======================================== GAzie Date: 5/02/2012 Site: http://www.giudinvx.altervista.org/ -------------------------------------------------------- @Application Info: Multicompany finance application written in PHP using a MySql database backe...