CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

98 matches found

CVE-2026-43926

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint /client/reset-password-confirm/:hash is handled by a non-API controller and is not covered by FOSSBilling's rate limiter, which only applies to /api/ routes...

6.3CVSS

Exploits0References2

NVD•added yesterday•3 views

CVE-2026-40495

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache buster parameters in HTML output, bypassing the hideversionpublic security setting. The FOSSBilling version is embedded in the query string of every a...

6.9CVSS

Exploits0References2

CVE•added yesterday•11 views

CVE-2026-43924

Summary: CVE-2026-43924 affects FOSSBilling prior to v0.8.0, where the Redirect module does not validate URL schemes for administrator-configured redirect targets, allowing open redirects. This can cause legitimate user traffic to be redirected to attacker-controlled sites via a 301 response (bro...

4.8CVSS5.9AI score

Exploits0References2

ATTACKERKB•added yesterday•4 views

CVE-2026-43924

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not validate the URL scheme of administrator-configured destination URLs before storing or issuing redirects. This allows arbitrary external URLs to be configured as redirect...

4.8CVSS5.9AI score

Exploits0References3Affected Software1

Cvelist•added yesterday•14 views

CVE-2026-43924 FOSSBilling has an open redirect via administrator-configured redirect targets

4.8CVSS

Exploits0References2

ATTACKERKB•added yesterday•3 views

CVE-2026-40495

6.9CVSS5.8AI score

Exploits0References3Affected Software1

Vulnrichment•added yesterday•1 views

CVE-2026-40495 FOSSBilling version exposed via asset cache buster

6.9CVSS

Exploits0References2

EUVD•added yesterday•2 views

EUVD-2026-34175

6.9CVSS5.8AI score

Exploits0References2

Cvelist•added yesterday•13 views

CVE-2026-40495 FOSSBilling version exposed via asset cache buster

6.9CVSS

Exploits0References2

CVE•added yesterday•8 views

CVE-2026-40495

FOSSBilling prior to 0.8.0 leaks the exact system version via asset cache buster parameters in HTML output. The version is embedded in the query string of every [removed] and tag created by the script_tag and stylesheet_tag Twig filters, making it visible to all visitors, including unauthenticat...

6.9CVSS5.8AI score

Exploits0References2

Nuclei•added yesterday•20 views

FOSSBilling < 0.5.3 - Cross-Site Scripting

Cross-site Scripting XSS - Reflected in GitHub repository fossbilling/fossbilling prior to 0.5.4. id: CVE-2023-3521 info: name: FOSSBilling &datefrom='" HTTP/1.1 Host: Hostname matchers-condition: and matchers: - type: word part: body words:...

6.1CVSS6.1AI score0.18964EPSS

Exploits1References2

Positive Technologies•added yesterday•5 views

PT-2026-46060

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description FOSSBilling leaks the exact system version through asset cache buster parameters in HTML output, which bypasses the hide version public security setting. The version is embedded in the query stri...

6.9CVSS5.8AI score

Exploits0References4

Positive Technologies•added yesterday•5 views

PT-2026-46062

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description The Redirect module fails to validate the URL scheme of destination URLs configured by administrators before they are stored or issued. This allows the configuration of arbitrary external URLs as...

4.8CVSS5.8AI score

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2023-44061

Malicious code in bioql PyPI...

6.8CVSS6.2AI score0.00109EPSS

Exploits1References2

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-43905

Malicious code in bioql PyPI...

6.5CVSS5.6AI score0.00091EPSS

Exploits1References2