Lucene search
K

6 matches found

cvelist
cvelist
added 2026/06/06 3:28 a.m.40 views

CVE-2026-8611 Klamra Paycal for Aspaclaria <= 1.1.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Information Exposure via 'invoice_id' Parameter

The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoiceid' parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

4.3CVSS0.00234EPSS
Exploits0References8
cnnvd
cnnvd
added 2026/06/06 12:0 a.m.12 views

WordPress plugin Klamra Paycal for Aspaclaria 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

4.3CVSS5.6AI score0.00234EPSS
Exploits0References9
nvd
nvd
added 2024/06/14 8:15 p.m.23 views

CVE-2024-37889

MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in 0.4.6...

6.5CVSS0.01019EPSS
Exploits1References2
cve
cve
added 2024/06/14 7:12 p.m.64 views

CVE-2024-37889

MyFinances vulnerability CVE-2024-37889 affects the MyFinances web application, where a signed-in user can access invoices and PII/financial data from other accounts via a specific method. Root cause details are not fully disclosed in the provided documents beyond the access mechanism; the impact...

6.5CVSS6.3AI score0.01019EPSS
Exploits1References2Affected Software1
osv
osv
added 2024/06/14 7:12 p.m.14 views

CVE-2024-37889 MyFinances Allows Unauthorized Access to Other Customer Data

MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in 0.4.6...

6.5CVSS6.6AI score0.01019EPSS
Exploits1References4
cnnvd
cnnvd
added 2022/03/21 12:0 a.m.4 views

Sourcecodester Simple Client Management SystemSQL注入漏洞

Simple Client Management System is a simple web-based application that provides an online platform to manage company customer invoices.Simple Client Management System is vulnerable to SQL injection, which could be exploited by an attacker to dump a carefully crafted HTTP request through the...

9.8CVSS5.8AI score0.01948EPSS
Exploits1References3
Rows per page
Query Builder