5 matches found
CVE-2026-53644
FOSSBilling is a free, open-source billing and client management system. Versions 0.5.3 through 0.7.2 allow authenticated clients to both read and reset API key service secrets for orders that are no longer in an active state e.g., suspended, canceled. The root cause is missing order-state...
CVE-2026-53641
FOSSBilling versions 0.6.0–0.7.2 contain a stored XSS vulnerability in the client email history views. Email HTML content is rendered into a JavaScript template literal via the |raw filter, bypassing output escaping, allowing an admin to inject JavaScript payloads that execute in a client’s brows...
PT-2026-51591
Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description A query-construction flaw in client list endpoints allows authenticated clients to bypass tenant scoping and retrieve data from other clients. The issue occurs in the getSearchQuery functions of...
PT-2026-51584
Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.6.21 through 0.7.2 Description An Insecure Direct Object Reference IDOR exists in the support ticket creation workflow. An authenticated client can create a support ticket that references an order belonging to another...
CVE-2025-1786
A vulnerability was found in rizinorg rizin up to 0.7.4. It has been rated as critical. This issue affects the function msfstreamdirectoryfree in the library /librz/bin/pdb/pdb.c. The manipulation of the argument -P leads to buffer overflow. Local access is required to approach this attack. The...