Lucene search
K

1287 matches found

NVD
NVD
added last week10 views

CVE-2026-53645

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow a low-privileged staff account to grant arbitrary module permissions to itself through the admin API, resulting in persistent privilege escalation. A staff user that only has...

8.5CVSS0.0024EPSS
Exploits0References1
Cvelist
Cvelist
added last week34 views

CVE-2026-53645 FOSSBilling's missing self-edit prevention in staff permission management allows persistent privilege escalation

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow a low-privileged staff account to grant arbitrary module permissions to itself through the admin API, resulting in persistent privilege escalation. A staff user that only has...

8.5CVSS0.0024EPSS
Exploits0References1
CVE
CVE
added last week14 views

CVE-2026-53645

CVE-2026-53645 affects FOSSBilling prior to 0.8.0. A low-privileged staff member with staff.create_and_edit_staff can call /api/admin/staff/permissions_update to modify their own permissions, bypassing RBAC and enabling persistent privilege escalation. Version 0.8.0 patches the issue. Workarounds...

8.5CVSS6AI score0.0024EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added last week7 views

CVE-2026-53645

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow a low-privileged staff account to grant arbitrary module permissions to itself through the admin API, resulting in persistent privilege escalation. A staff user that only has...

8.5CVSS6AI score0.0024EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added last week35 views

CVE-2026-53643 FOSSBilling allows low-privileged staff accounts to perform unauthorized actions via admin API endpoints

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow low-privileged staff accounts to perform unauthorized actions via admin API endpoints. The root cause is a combination of the canalwaysaccess module flag which grants all staff access to certain...

8.7CVSS0.00226EPSS
Exploits0References1
CVE
CVE
added last week8 views

CVE-2026-53643

FOSSBilling (free/open-source billing and client management system) is affected in versions prior to 0.8.0. The vulnerability arises from a combination of a can_always_access module flag that grants broad access to certain modules and insufficient permission checks or unsafe parameter handling on...

8.7CVSS6AI score0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added last week33 views

CVE-2026-53640 FOSSBilling missing authorization checks on read-only admin API endpoints expose sensitive staff, client, and redirect data

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, low-privileged staff accounts may read sensitive data via admin API endpoints that lack permission checks. While sibling write endpoints correctly enforce fine-grained permissions, the corresponding...

2.3CVSS0.00226EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.7 views

PT-2026-56036

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description Low-privileged staff accounts can perform unauthorized actions through admin API endpoints. This issue stems from the can always access module flag, which grants all staff access to specific...

8.7CVSS6AI score0.00226EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.6 views

PT-2026-56038

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description A low-privileged staff account can grant arbitrary module permissions to itself, leading to persistent privilege escalation. A user possessing the staff.create and edit staff permission can call...

8.5CVSS6AI score0.0024EPSS
Exploits0References5
NVD
NVD
added 2026/07/01 8:16 a.m.8 views

CVE-2026-12224

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via updatecapabilities REST Endpoint in all versions up to, and including, 5.0.4. This is due to the updatecapabilities REST handler accepting arbitrary capability strings from the request body and passing them directly to...

8.8CVSS0.00246EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 7:16 a.m.12 views

CVE-2026-11823

The BookingPress Appointment Booking Pro plugin for WordPress is vulnerable to SQL Injection via the 'storeservicedate' parameter of the bpaassignstaffmembertoslots function in versions up to and including 5.7.1. This is due to the explicit use of stripslashesdeep on user-supplied POST data befor...

7.5CVSS0.00285EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 6:51 a.m.8 views

EUVD-2026-40928

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via updatecapabilities REST Endpoint in all versions up to, and including, 5.0.4. This is due to the updatecapabilities REST handler accepting arbitrary capability strings from the request body and passing them directly to...

8.8CVSS5.7AI score0.00246EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 6:51 a.m.21 views

CVE-2026-12224

The CVE-2026-12224 entry concerns the Dokan Pro plugin for WordPress. The vulnerability arises in the update_capabilities REST endpoint, which accepts arbitrary capability strings from the request body and passes them to WP_User::add_cap() without allowlist validation, with only the caller’s doka...

8.8CVSS5.7AI score0.00246EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 6:51 a.m.37 views

CVE-2026-12224 Dokan Pro <= 5.0.4 - Authenticated (Vendor+) Privilege Escalation via update_capabilities REST Endpoint

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via updatecapabilities REST Endpoint in all versions up to, and including, 5.0.4. This is due to the updatecapabilities REST handler accepting arbitrary capability strings from the request body and passing them directly to...

8.8CVSS0.00246EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 5:35 a.m.39 views

CVE-2026-11823 BookingPress Appointment Booking Pro <= 5.7.1 - Unauthenticated SQL Injection via 'store_service_date' Parameter

The BookingPress Appointment Booking Pro plugin for WordPress is vulnerable to SQL Injection via the 'storeservicedate' parameter of the bpaassignstaffmembertoslots function in versions up to and including 5.7.1. This is due to the explicit use of stripslashesdeep on user-supplied POST data befor...

7.5CVSS0.00285EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:39 p.m.4 views

BIT-GHOST-2026-53943 Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview header

Ghost is a Node.js content management system. From until 6.37.0, when Ghost is behind a shared caching layer that results in cached content being shared between different visitors, an unauthenticated user could send an x-ghost-preview header that altered the rendered frontend response. In affecte...

9.6CVSS5.8AI score0.00244EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 4:17 a.m.7 views

CVE-2026-2508

The Gravity Forms Booking plugin for WordPress is vulnerable to time-based SQL Injection via the ‘staffid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS0.00241EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 3:42 a.m.9 views

EUVD-2026-39167

The Gravity Forms Booking plugin for WordPress is vulnerable to time-based SQL Injection via the ‘staffid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS6AI score0.00241EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 3:42 a.m.34 views

CVE-2026-2508 Gravity Forms Booking <= 2.7.1 - Authenticated (Subscriber+) Time-Based SQL Injection via 'staff_id'

The Gravity Forms Booking plugin for WordPress is vulnerable to time-based SQL Injection via the ‘staffid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS0.00241EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 3:42 a.m.12 views

CVE-2026-2508

CVE-2026-2508 affects the Gravity Forms Booking plugin for WordPress, all versions up to and including 2.7.1. The vulnerability is a time-based SQL Injection via the 'staff_id' parameter caused by insufficient escaping and lack of proper query preparation. Authenticated attackers with Subscriber-...

6.5CVSS6AI score0.00241EPSS
Exploits0References3
Rows per page
Query Builder