1389772 matches found
CVE-2026-53648
FOSSBilling prior to v0.8.1 stores downloadable product files with a deterministic path md5(), so files with identical names between different products/orders map to the same stored path and can be overwritten by later uploads. This leads to customers/admins downloading the wrong file. Version 0....
CVE-2026-53646
FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when a ClientPasswordReset record already exists for a client from a previous unexpired reset request, subsequent calls to the resetpassword guest API endpoint reuse the existing token instea...
CVE-2026-53644
FOSSBilling is a free, open-source billing and client management system. Versions 0.5.3 through 0.7.2 allow authenticated clients to both read and reset API key service secrets for orders that are no longer in an active state e.g., suspended, canceled. The root cause is missing order-state...
CVE-2026-53641
FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have a stored cross-site scripting XSS vulnerability in the client-facing email history views of FOSSBilling. Email HTML content contenthtml is rendered into a JavaScript template literal using t...
CVE-2026-43925
FOSSBilling (open-source billing/client management) contains an unauthenticated mass assignment vulnerability in the client self-registration endpoint, prior to version 0.8.0. An attacker can assign themselves to an arbitrary client group during sign-up, potentially bypassing group-restricted pro...
CVE-2026-8286
A flaw was found in curl. When a new data transfer attempts to upgrade its connection using STARTTLS, it may incorrectly reuse an existing live connection. This reuse can occur even if the Transport Layer Security TLS configuration of the new transfer does not match the existing connection,...
CVE-2026-54769
creationtimestamp| type| source ---|---|--- 2026-07-06 21:32:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mpz22qfgd22g 2026-07-06 22:35:25+00:00| published-proof-of-concept| https://github.com/langroid/langroid/security/advisories/GHSA-q9p7-wqxg-mrhc...
EUVD-2026-41212
Craft CMS: Sensitive File Disclosure / Server-Side File Read...
CVE-2026-42204
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.471 through 4.0.0-beta.473, a regression in SHELLSAFECOMMANDPATTERN allowed ampersands in custom Docker Compose build, start, and pre/post-deployment command fields, allowing an...
CVE-2026-14468
Terraform Enterprise contains a vulnerability in its VCS ingestion of registry modules where the boundary on packaged module content was not correctly enforced. An authenticated user could include files from outside the intended repository content in a module and then download them, potentially e...
CVE-2026-8932
A flaw was found in curl. The libcurl library, used for transferring data with URLs, could improperly reuse existing network connections. This occurred even when changes to mutual Transport Layer Security mTLS settings, particularly those for client certificates, should have prevented such reuse...
EUVD-2026-25014
printenv: environment variables with invalid UTF-8 are silently skipped evades inspection...
GHSA-H6Q6-9HQW-RWFV vulnerabilities
Vulnerabilities for packages: wazuh-dashboard...
GHSA-CRH6-FP67-6883 vulnerabilities
Vulnerabilities for packages: wazuh-dashboard...
EUVD-2026-25018
id: groups= computed from real GID instead of effective GID...
EUVD-2026-24988
mkdir: -m exposes directory with umask perms before chmod race window...
EUVD-2026-41923
A flaw in the authentication mechanism for video stream requests in Genetec Security Center 5.14.0.0 prior to build 5.14.178.18 may allow an unauthenticated attacker to access live video streams...
CVE-2026-55727
A flaw in the authentication mechanism for video stream requests in Genetec Security Center 5.14.0.0 prior to build 5.14.178.18 may allow an unauthenticated attacker to access live video streams...
CVE-2026-55727
A flaw in the authentication mechanism for video stream requests in Genetec Security Center 5.14.0.0 prior to build 5.14.178.18 may allow an unauthenticated attacker to access live video streams...
CVE-2026-55727
CVE-2026-55727 affects Genetec Security Center 5.14.0.0 (before build 5.14.178.18). A flaw in the authentication mechanism for video stream requests may allow an unauthenticated attacker to access live video streams. The CVSSv3.1 base score is 7.5 (HIGH) with network attack vector and no user int...