Lucene search
K

58 matches found

Cvelist
Cvelist
added 14 hours ago8 views

CVE-2026-14791 crater-invoice-inc crater Invoice Note InvoicesRequest.php getFormattedString cross site scripting

A weakness has been identified in crater-invoice-inc crater up to 6.0.6. This affects the function getFormattedString of the file app/Http/Requests/InvoicesRequest.php of the component Invoice Note Handler. Executing a manipulation of the argument notes can lead to cross site scripting. The attac...

5.1CVSS
Exploits0References6
CVE
CVE
added 14 hours ago10 views

CVE-2026-14791

CVE-2026-14791 affects crater-invoice-inc crater up to 6.0.6. The vulnerability exists in the function getFormattedString of app/Http/Requests/InvoicesRequest.php within the Invoice Note Handler . Manipulating the argument notes may lead to cross-site scripting (XSS) . The attack can be launched ...

5.1CVSS4.1AI score
Exploits0References6
EUVD
EUVD
added 14 hours ago6 views

EUVD-2026-41802

A weakness has been identified in crater-invoice-inc crater up to 6.0.6. This affects the function getFormattedString of the file app/Http/Requests/InvoicesRequest.php of the component Invoice Note Handler. Executing a manipulation of the argument notes can lead to cross site scripting. The attac...

5.1CVSS4.1AI score
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/09 9:12 a.m.8 views

CVE-2022-0515

Cross-Site Request Forgery CSRF in GitHub repository crater-invoice/crater prior to 6.0.4...

4.3CVSS7AI score0.00422EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:41 a.m.17 views

CVE-2022-0242

Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0...

7.2CVSS6.7AI score0.01413EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-0491

Malicious code in bioql PyPI...

7.2CVSS7AI score0.01413EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-0743

Malicious code in bioql PyPI...

7.5CVSS6.4AI score0.01213EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-15643

Malicious code in bioql PyPI...

4.3CVSS4.9AI score0.00422EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-15642

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00942EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-24382

Malicious code in bioql PyPI...

7.8CVSS7.2AI score0.0091EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 7:41 a.m.10 views

CVE-2024-55556

A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APPKEY to achieve remote command execution on the server by manipulating the laravelsession cookie, exploiting arbitrary deserialization through the encrypted session data. The exploitation vector of this...

9.8CVSS7.6AI score0.4356EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:27 p.m.7 views

CVE-2022-0514

Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5...

6.5CVSS6.8AI score0.00942EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 11:3 p.m.9 views

CVE-2022-1033

Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6...

7.8CVSS6.7AI score0.0091EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:53 p.m.8 views

CVE-2022-1032

Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6...

7.2CVSS6.8AI score0.01579EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:29 p.m.8 views

CVE-2022-0203

Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2...

7.5CVSS6.7AI score0.01213EPSS
Exploits1References1
NVD
NVD
added 2025/01/07 4:15 p.m.14 views

CVE-2024-55556

A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APPKEY to achieve remote command execution on the server by manipulating the laravelsession cookie, exploiting arbitrary deserialization through the encrypted session data. The exploitation vector of this...

9.8CVSS0.4356EPSS
Exploits2References3
OSV
OSV
added 2025/01/07 4:15 p.m.3 views

CVE-2024-55556

A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APPKEY to achieve remote command execution on the server by manipulating the laravelsession cookie, exploiting arbitrary deserialization through the encrypted session data. The exploitation vector of this...

9.8CVSS6AI score0.4356EPSS
Exploits2References3
Cvelist
Cvelist
added 2025/01/07 12:0 a.m.21 views

CVE-2024-55556

A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APPKEY to achieve remote command execution on the server by manipulating the laravelsession cookie, exploiting arbitrary deserialization through the encrypted session data. The exploitation vector of this...

0.4356EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2025/01/07 12:0 a.m.12 views

CVE-2024-55556

A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APPKEY to achieve remote command execution on the server by manipulating the laravelsession cookie, exploiting arbitrary deserialization through the encrypted session data. The exploitation vector of this...

7.7AI score0.4356EPSS
Exploits2References3
CVE
CVE
added 2025/01/07 12:0 a.m.112 views

CVE-2024-55556

A CVE in Crater Invoice (InvoiceShelf/META: Laravel cookie-based session deserialization) enables unauthenticated remote code execution when an attacker obtains Laravel APP_KEY. Public docs describe that manipulating the laravel_session cookie, which contains serialized session data encrypted wit...

9.8CVSS7.9AI score0.4356EPSS
Exploits2References3
Rows per page
Query Builder