Lucene search
K

6 matches found

CVE
CVE
added yesterday6 views

CVE-2026-43928

FOSSBilling PayPalEmail integration before 0.8.0 credits mc_gross from IPN without validating against the invoice total, combined with a $0.05 epsilon in the credit logic, enabling underpayment of up to $0.04 while marking invoices as paid. Version 0.8.0 patches the issue. No public workaround ex...

2.3CVSS5.9AI score0.00094EPSS
Exploits0References1
Veracode
Veracode
added 2025/12/13 7:22 a.m.5 views

XML External Entity (XXE) Injection

peppolpy is vulnerable to XML External Entity XXE injection. The vulnerability is due to insecure Saxon XML parser configuration, where external entities are allowed during XML invoice validation, enabling attackers to read local files and exfiltrate their contents to a remote host...

5CVSS5.7AI score0.00299EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/11/28 6:32 a.m.4 views

GHSA-24HM-WM2H-H8W7 Peppol-py is vulnerable to XXE attacks due to Saxon configuration

Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. When validating XML-based invoices, the XML parser could read files from the filesystem and expose their content to a remote host...

5CVSS6.8AI score0.00299EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/11/28 12:0 a.m.4 views

PT-2025-48313

Name of the Vulnerable Software and Affected Versions Peppol-py versions prior to 1.1.1 Description Peppol-py before version 1.1.1 contains a flaw due to the Saxon configuration that allows for XML External Entity XXE attacks. When processing XML-based invoices, the XML parser is susceptible to...

5CVSS6.7AI score0.00299EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/11/28 12:0 a.m.7 views

CVE-2025-66371

Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. When validating XML-based invoices, the XML parser could read files from the filesystem and expose their content to a remote host...

5CVSS0.00299EPSS
Exploits0References4
EUVD
EUVD
added 2025/11/28 12:0 a.m.5 views

EUVD-2025-199852

Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. When validating XML-based invoices, the XML parser could read files from the filesystem and expose their content to a remote host...

5CVSS6.4AI score0.00299EPSS
Exploits0References3
Rows per page
Query Builder