Lucene search
K

5 matches found

NVD
NVD
added yesterday5 views

CVE-2026-53644

FOSSBilling is a free, open-source billing and client management system. Versions 0.5.3 through 0.7.2 allow authenticated clients to both read and reset API key service secrets for orders that are no longer in an active state e.g., suspended, canceled. The root cause is missing order-state...

8.6CVSS0.00038EPSS
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-53641

FOSSBilling versions 0.6.0–0.7.2 contain a stored XSS vulnerability in the client email history views. Email HTML content is rendered into a JavaScript template literal via the |raw filter, bypassing output escaping, allowing an admin to inject JavaScript payloads that execute in a client’s brows...

4.8CVSS5.9AI score0.00043EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.6 views

PT-2026-51591

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description A query-construction flaw in client list endpoints allows authenticated clients to bypass tenant scoping and retrieve data from other clients. The issue occurs in the getSearchQuery functions of...

7.1CVSS5.8AI score0.00282EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.14 views

PT-2026-51584

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.6.21 through 0.7.2 Description An Insecure Direct Object Reference IDOR exists in the support ticket creation workflow. An authenticated client can create a support ticket that references an order belonging to another...

5.1CVSS5.8AI score0.00265EPSS
Exploits0References6
OSV
OSV
added 2025/03/01 10:15 a.m.5 views

CVE-2025-1786

A vulnerability was found in rizinorg rizin up to 0.7.4. It has been rated as critical. This issue affects the function msfstreamdirectoryfree in the library /librz/bin/pdb/pdb.c. The manipulation of the argument -P leads to buffer overflow. Local access is required to approach this attack. The...

7.8CVSS7AI score
Exploits0References6
Rows per page
Query Builder