58 matches found
CVE-2026-14791 crater-invoice-inc crater Invoice Note InvoicesRequest.php getFormattedString cross site scripting
A weakness has been identified in crater-invoice-inc crater up to 6.0.6. This affects the function getFormattedString of the file app/Http/Requests/InvoicesRequest.php of the component Invoice Note Handler. Executing a manipulation of the argument notes can lead to cross site scripting. The attac...
CVE-2026-14791
CVE-2026-14791 affects crater-invoice-inc crater up to 6.0.6. The vulnerability exists in the function getFormattedString of app/Http/Requests/InvoicesRequest.php within the Invoice Note Handler . Manipulating the argument notes may lead to cross-site scripting (XSS) . The attack can be launched ...
EUVD-2026-41802
A weakness has been identified in crater-invoice-inc crater up to 6.0.6. This affects the function getFormattedString of the file app/Http/Requests/InvoicesRequest.php of the component Invoice Note Handler. Executing a manipulation of the argument notes can lead to cross site scripting. The attac...
CVE-2022-0515
Cross-Site Request Forgery CSRF in GitHub repository crater-invoice/crater prior to 6.0.4...
CVE-2022-0242
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0...
EUVD-2022-0491
Malicious code in bioql PyPI...
EUVD-2022-0743
Malicious code in bioql PyPI...
EUVD-2022-15643
Malicious code in bioql PyPI...
EUVD-2022-15642
Malicious code in bioql PyPI...
EUVD-2022-24382
Malicious code in bioql PyPI...
CVE-2024-55556
A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APPKEY to achieve remote command execution on the server by manipulating the laravelsession cookie, exploiting arbitrary deserialization through the encrypted session data. The exploitation vector of this...
CVE-2022-0514
Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5...
CVE-2022-1033
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6...
CVE-2022-1032
Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6...
CVE-2022-0203
Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2...
CVE-2024-55556
A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APPKEY to achieve remote command execution on the server by manipulating the laravelsession cookie, exploiting arbitrary deserialization through the encrypted session data. The exploitation vector of this...
CVE-2024-55556
A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APPKEY to achieve remote command execution on the server by manipulating the laravelsession cookie, exploiting arbitrary deserialization through the encrypted session data. The exploitation vector of this...
CVE-2024-55556
A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APPKEY to achieve remote command execution on the server by manipulating the laravelsession cookie, exploiting arbitrary deserialization through the encrypted session data. The exploitation vector of this...
CVE-2024-55556
A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APPKEY to achieve remote command execution on the server by manipulating the laravelsession cookie, exploiting arbitrary deserialization through the encrypted session data. The exploitation vector of this...
CVE-2024-55556
A CVE in Crater Invoice (InvoiceShelf/META: Laravel cookie-based session deserialization) enables unauthenticated remote code execution when an attacker obtains Laravel APP_KEY. Public docs describe that manipulating the laravel_session cookie, which contains serialized session data encrypted wit...