6 matches found

RedhatCVE
added 2026/03/27 4:59 a.m., 6 views

CVE-2026-33918

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the billing file-download endpoint interface/billing/getclaimfile.php only verifies that the caller has a valid session and CSRF token, but does not check any ACL...

CVSS 8.8, AI score 5.8, EPSS 0.00244
Exploits: 0, References: 1
RedhatCVE
added 2025/10/30 1:22 p.m., 10 views

CVE-2025-11632

The Call Now Button – The 1 Click to Call Button for WordPress plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with...

CVSS 4.3, AI score 5, EPSS 0.00246
Exploits: 0, References: 1
NVD
added 2025/03/20 10:15 a.m., 6 views

CVE-2024-10275

In version 1.5.5 of lunary-ai/lunary, a vulnerability exists where admins, who do not have direct permissions to access billing resources, can change the permissions of existing users to include billing permissions. This can lead to a privilege escalation scenario where an administrator can manag...

CVSS 7.3, EPSS 0.00469
Exploits: 1, References: 2
CVE
added 2025/03/20 10:9 a.m., 50 views

CVE-2024-10275

CVE-2024-10275 affects lunary-ai/lunary (v1.5.5). Multiple connected sources confirm an improper privilege management flaw where admins can grant billing permissions to existing users, enabling privilege escalation to access billing resources and bypass RBAC. Root cause: admins without direct bil...

CVSS 7.3, AI score 7.3, EPSS 0.00469
Exploits: 1, References: 2, Affected Software: 1
OSV
added 2024/06/06 2:15 a.m., 6 views

CVE-2023-6968

The The Moneytizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.5.20. This is due to missing or incorrect nonce validation on multiple AJAX functions. This makes it possible for unauthenticated attackers to update and retrieve billing...

CVSS 5.4, AI score 5.7
Exploits: 0, References: 2
PyPA
added 2020/07/27 6:15 p.m., 10 views

PYSEC-2020-264

In "I hate money" before version 4.1.5, an authenticated member of one project can modify and delete members of another project, without knowledge of this other project's private code. This can be further exploited to access all bills of another project without knowledge of this other project's...

CVSS 4.9, AI score 6.8, EPSS 0.01029
Exploits: 0, References: 2, Affected Software: 1