5 matches found
EUVD-2026-38451
FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization bypass in the API role handling allows unauthenticated access to privileged /api/system/ endpoints. Because system resolves to the cron admin identity,...
CVE-2026-27604
FOSSBilling 0.5.4–0.7.x contains an authorization bypass in the API role handling that permits unauthenticated access to privileged /api/system/* endpoints. The issue maps to the system identity (cron admin), allowing admin API methods without credentials, session, or CSRF tokens. Version 0.8.0 i...
NexusPHP Cross-Site Scripting Vulnerability (CNVD-2017-32401)
NexusPHP is a resource sharing community solution written in PHP developed by the Nexus team in China. A cross-site scripting vulnerability exists in NexusPHP version 1.5. A remote attacker can exploit this vulnerability by sending the 'keyword' parameter to the messages.php file to obtain the...
NexusPHP Cross-Site Scripting Vulnerability (CNVD-2017-30114)
NexusPHP is a resource sharing community solution written in PHP developed by the Nexus team in China. A cross-site scripting vulnerability exists in NexusPHP version 1.5.beta5.20120707. A remote attacker can exploit this vulnerability by sending the 'returnto' parameter to the fun.php file durin...
Wireless IP Camera (P2P) WIFICAM Remote Command Execution Vulnerability
Wireless IP Camera P2P WIFICAM is a wireless IP camera. A remote command execution vulnerability exists in insetftp.cgi in the FTP Configuration Public Gateway Interface CGI. An attacker can use the ftp administrator identity t...