Lucene search
K

341 matches found

NVD
NVD
added yesterday3 views

CVE-2026-57418

Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through = 20.8.13...

6.5CVSS0.0034EPSS
Exploits0References1
CVE
CVE
added yesterday4 views

CVE-2026-57418

CVE-2026-57418 covers a Missing Authorization vulnerability in the WordPress/plugin set associated with Sprout Invoices, specifically the Sprout Invoices Client Invoicing (WordPress plugin, versions up to 20.8.13). The root cause is an Incorrectly Configured Access Control , described as broken a...

6.5CVSS6.1AI score0.0034EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday5 views

CVE-2026-57418 WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Client Invoicing by Sprout Invoices: from n/a through = 20.8.13...

6.5CVSS0.0034EPSS
Exploits0References1
Patchstack
Patchstack
added 6 days ago5 views

WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.13 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by she11f in WordPress Plugin Client Invoicing by Sprout Invoices versions = 20.8.13...

6.5CVSS6.1AI score0.0034EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/23 4:39 p.m.5 views

WordPress Devs Accounting – Simple Accounting and Invoicing Solution plugin <= 1.2.0 - Missing Authorization to Unauthenticated Account Deletion vulnerability

Missing Authorization to Unauthenticated Account Deletion vulnerability discovered by jamaal in WordPress Plugin Devs Accounting – Simple Accounting and Invoicing Solution versions = 1.2.0...

5.3CVSS5.8AI score0.00227EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/11 6:55 p.m.15 views

EUVD-2026-36301

SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, API tokens used to authenticate all REST API requests are stored as plaintext strings in the apitokens database table. Any attacker who obtains read access to the database — through SQL injection, a leaked backup, a...

8.1CVSS5.5AI score0.00197EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/27 8:14 p.m.17 views

CVE-2026-9412

A vulnerability was determined in SourceCodester Indian Invoicing System 1.0. Impacted is an unknown function of the component Backend Endpoint. Executing a manipulation can lead to improper access controls. The attack can be launched remotely. The exploit has been publicly disclosed and may be...

6.5CVSS6.3AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.18 views

CVE-2026-9414

A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/addorder.php of the component Invoice Template Render Database-Backed. The manipulation of the argument customername results in cross sit...

5.1CVSS4.2AI score0.00191EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.11 views

CVE-2026-9411

A vulnerability was found in SourceCodester Indian Invoicing System 1.0. This issue affects some unknown processing of the file /Invoicing/IGSTInvoice.php of the component Invoice Generation Handler. Performing a manipulation of the argument customername/category results in sql injection. The...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/26 2:13 p.m.12 views

CVE-2026-9413

A vulnerability was identified in SourceCodester Indian Invoicing System 1.0. The affected element is an unknown function of the file /Invoicing/category.php. The manipulation of the argument msg leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly availabl...

5.3CVSS4.2AI score0.00263EPSS
Exploits0References1
NVD
NVD
added 2026/05/25 2:16 a.m.28 views

CVE-2026-9413

A vulnerability was identified in SourceCodester Indian Invoicing System 1.0. The affected element is an unknown function of the file /Invoicing/category.php. The manipulation of the argument msg leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly availabl...

5.3CVSS0.00263EPSS
Exploits0References5
NVD
NVD
added 2026/05/25 2:16 a.m.18 views

CVE-2026-9414

A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/addorder.php of the component Invoice Template Render Database-Backed. The manipulation of the argument customername results in cross sit...

5.1CVSS0.00191EPSS
Exploits0References5
NVD
NVD
added 2026/05/25 2:16 a.m.16 views

CVE-2026-9411

A vulnerability was found in SourceCodester Indian Invoicing System 1.0. This issue affects some unknown processing of the file /Invoicing/IGSTInvoice.php of the component Invoice Generation Handler. Performing a manipulation of the argument customername/category results in sql injection. The...

6.5CVSS0.00192EPSS
Exploits0References5
NVD
NVD
added 2026/05/25 2:16 a.m.21 views

CVE-2026-9412

A vulnerability was determined in SourceCodester Indian Invoicing System 1.0. Impacted is an unknown function of the component Backend Endpoint. Executing a manipulation can lead to improper access controls. The attack can be launched remotely. The exploit has been publicly disclosed and may be...

6.5CVSS0.00201EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/25 1:30 a.m.43 views

CVE-2026-9414 SourceCodester Indian Invoicing System Invoice Template Render Database-Backed add_order.php cross site scripting

A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/addorder.php of the component Invoice Template Render Database-Backed. The manipulation of the argument customername results in cross sit...

5.1CVSS0.00191EPSS
Exploits0References5
CVE
CVE
added 2026/05/25 1:30 a.m.23 views

CVE-2026-9414

CVE-2026-9414 affects SourceCodester’s Indian Invoicing System (invoices module) specifically the Invoice Template Render Database-Backed component. A vulnerability in add_order.php allows manipulation of the customer_name parameter to trigger cross-site scripting (XSS). The flaw is exploitable r...

5.1CVSS4.2AI score0.00191EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/25 1:30 a.m.12 views

EUVD-2026-31616

A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/addorder.php of the component Invoice Template Render Database-Backed. The manipulation of the argument customername results in cross sit...

5.1CVSS4.2AI score0.00191EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/25 1:30 a.m.7 views

CVE-2026-9414

A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/addorder.php of the component Invoice Template Render Database-Backed. The manipulation of the argument customername results in cross sit...

5.1CVSS4.2AI score0.00191EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/25 1:30 a.m.8 views

CVE-2026-9414 SourceCodester Indian Invoicing System Invoice Template Render Database-Backed add_order.php cross site scripting

A security flaw has been discovered in SourceCodester Indian Invoicing System up to 0.x/1.0. The impacted element is an unknown function of the file /Invoicing/addorder.php of the component Invoice Template Render Database-Backed. The manipulation of the argument customername results in cross sit...

5.1CVSS4.2AI score0.00191EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/25 1:15 a.m.45 views

CVE-2026-9413 SourceCodester Indian Invoicing System category.php cross site scripting

A vulnerability was identified in SourceCodester Indian Invoicing System 1.0. The affected element is an unknown function of the file /Invoicing/category.php. The manipulation of the argument msg leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly availabl...

5.3CVSS0.00263EPSS
Exploits0References5
Rows per page
Query Builder