Lucene search
K

1389772 matches found

CVE
CVE
added yesterday6 views

CVE-2026-53648

FOSSBilling prior to v0.8.1 stores downloadable product files with a deterministic path md5(), so files with identical names between different products/orders map to the same stored path and can be overwritten by later uploads. This leads to customers/admins downloading the wrong file. Version 0....

5.1CVSS5.9AI score0.00039EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-53646

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when a ClientPasswordReset record already exists for a client from a previous unexpired reset request, subsequent calls to the resetpassword guest API endpoint reuse the existing token instea...

7.7CVSS6AI score0.00041EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-53644

FOSSBilling is a free, open-source billing and client management system. Versions 0.5.3 through 0.7.2 allow authenticated clients to both read and reset API key service secrets for orders that are no longer in an active state e.g., suspended, canceled. The root cause is missing order-state...

8.6CVSS6AI score0.00038EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-53641

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have a stored cross-site scripting XSS vulnerability in the client-facing email history views of FOSSBilling. Email HTML content contenthtml is rendered into a JavaScript template literal using t...

4.8CVSS5.9AI score0.00043EPSS
Exploits0References2Affected Software1
CVE
CVE
added yesterday6 views

CVE-2026-43925

FOSSBilling (open-source billing/client management) contains an unauthenticated mass assignment vulnerability in the client self-registration endpoint, prior to version 0.8.0. An attacker can assign themselves to an arbitrary client group during sign-up, potentially bypassing group-restricted pro...

6.9CVSS6.1AI score0.00081EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added yesterday2 views

CVE-2026-8286

A flaw was found in curl. When a new data transfer attempts to upgrade its connection using STARTTLS, it may incorrectly reuse an existing live connection. This reuse can occur even if the Transport Layer Security TLS configuration of the new transfer does not match the existing connection,...

8.1CVSS5.8AI score0.00196EPSS
Exploits0References6
Circl
Circl
added yesterday4 views

CVE-2026-54769

creationtimestamp| type| source ---|---|--- 2026-07-06 21:32:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mpz22qfgd22g 2026-07-06 22:35:25+00:00| published-proof-of-concept| https://github.com/langroid/langroid/security/advisories/GHSA-q9p7-wqxg-mrhc...

5.9AI score
Exploits0References2
EUVD
EUVD
added yesterday8 views

EUVD-2026-41212

Craft CMS: Sensitive File Disclosure / Server-Side File Read...

6CVSS5.9AI score0.00268EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-42204

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.471 through 4.0.0-beta.473, a regression in SHELLSAFECOMMANDPATTERN allowed ampersands in custom Docker Compose build, start, and pre/post-deployment command fields, allowing an...

8.8CVSS6AI score
Exploits0References5Affected Software1
CVE
CVE
added yesterday7 views

CVE-2026-14468

Terraform Enterprise contains a vulnerability in its VCS ingestion of registry modules where the boundary on packaged module content was not correctly enforced. An authenticated user could include files from outside the intended repository content in a module and then download them, potentially e...

7.7CVSS6AI score
Exploits0References1
RedhatCVE
RedhatCVE
added yesterday3 views

CVE-2026-8932

A flaw was found in curl. The libcurl library, used for transferring data with URLs, could improperly reuse existing network connections. This occurred even when changes to mutual Transport Layer Security mTLS settings, particularly those for client certificates, should have prevented such reuse...

7.5CVSS6AI score0.00129EPSS
Exploits0References6
EUVD
EUVD
added yesterday4 views

EUVD-2026-25014

printenv: environment variables with invalid UTF-8 are silently skipped evades inspection...

4.4CVSS5.9AI score0.0017EPSS
Exploits1References6
Chainguard
Chainguard
added yesterday4 views

GHSA-H6Q6-9HQW-RWFV vulnerabilities

Vulnerabilities for packages: wazuh-dashboard...

5.9AI score
Exploits0
Chainguard
Chainguard
added yesterday5 views

GHSA-CRH6-FP67-6883 vulnerabilities

Vulnerabilities for packages: wazuh-dashboard...

5.9AI score
Exploits0
EUVD
EUVD
added yesterday6 views

EUVD-2026-25018

id: groups= computed from real GID instead of effective GID...

4.4CVSS5.9AI score0.00108EPSS
Exploits1References3
EUVD
EUVD
added yesterday6 views

EUVD-2026-24988

mkdir: -m exposes directory with umask perms before chmod race window...

3.3CVSS5.9AI score0.00102EPSS
Exploits0References5
EUVD
EUVD
added yesterday4 views

EUVD-2026-41923

A flaw in the authentication mechanism for video stream requests in Genetec Security Center 5.14.0.0 prior to build 5.14.178.18 may allow an unauthenticated attacker to access live video streams...

7.5CVSS5.9AI score
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-55727

A flaw in the authentication mechanism for video stream requests in Genetec Security Center 5.14.0.0 prior to build 5.14.178.18 may allow an unauthenticated attacker to access live video streams...

7.5CVSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-55727

A flaw in the authentication mechanism for video stream requests in Genetec Security Center 5.14.0.0 prior to build 5.14.178.18 may allow an unauthenticated attacker to access live video streams...

7.5CVSS5.9AI score
Exploits0References2
CVE
CVE
added yesterday4 views

CVE-2026-55727

CVE-2026-55727 affects Genetec Security Center 5.14.0.0 (before build 5.14.178.18). A flaw in the authentication mechanism for video stream requests may allow an unauthenticated attacker to access live video streams. The CVSSv3.1 base score is 7.5 (HIGH) with network attack vector and no user int...

7.5CVSS5.9AI score
Exploits0References1
Rows per page
Query Builder