Whisper Money security vulnerability

Whisper Money is an open-source personal finance application developed by Whisper Money. Versions of Whisper Money prior to 0.1.5 contained a security vulnerability caused by insecure direct object references, which could allow users to update or create bank account balances for other users...

PT-2026-3500

Whisper Money is a personal finance application. Versions prior to 0.1.5 have an insecure direct object reference vulnerability. A user can update/create account balances in other users' bank accounts. Version 0.1.5 fixes the issue...

PT-2024-37817 · Provd +2 · Provd +2

Name of the Vulnerable Software and Affected Versions: provd versions prior to 0.1.5 Description: An issue was discovered in provd with a setuid binary, which allows a local attacker to escalate their privilege. Recommendations: For versions prior to 0.1.5, update to version 0.1.5 or later to...

PT-2022-16057 · Python +1 · Tarfile.Tarfile +1

Name of the Vulnerable Software and Affected Versions: GuardDog versions prior to 0.1.5 Description: The issue allows an attacker to write an arbitrary file on the machine where GuardDog is executed due to a path traversal vulnerability when extracting the .tar.gz file of the package being scanne...

ALPINE-CVE-2019-16403

In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values such as address, review, orders, etc. can also be manipulated by other customers...

CVE-2017-18590

The timesheet plugin before 0.1.5 for WordPress has multiple XSS issues...