Lucene search
K

72 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-2528

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.00881EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-2505

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00634EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-2516

Malicious code in bioql PyPI...

5.3CVSS5.5AI score0.00636EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-2464

Malicious code in bioql PyPI...

3.7CVSS4.8AI score0.00599EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-42642

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.00825EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/23 4:9 a.m.4 views

CVE-2023-38872

An Insecure Direct Object Reference IDOR vulnerability in gugoan Economizzer commit 3730880 April 2023 and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment...

3.7CVSS6.9AI score0.00599EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 4:9 a.m.8 views

CVE-2023-38874

A remote code execution RCE vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 April 2023. A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and...

8.8CVSS8.4AI score0.28487EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 4:9 a.m.8 views

CVE-2023-38870

A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 April 2023 and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'categoryid' parameter is vulnerable to SQL Injection...

9.8CVSS7.8AI score0.00825EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 4:9 a.m.9 views

CVE-2023-38873

The commit 3730880 April 2023 and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were...

6.5CVSS6.8AI score0.00634EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:20 a.m.11 views

CVE-2023-38871

The commit 3730880 April 2023 and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when it's not. This may allow an attacker to determine whether a user or...

5.3CVSS6.9AI score0.00636EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:17 a.m.8 views

CVE-2023-38877

A host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 April 2023. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server...

8.8CVSS7.1AI score0.00881EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2025/05/19 12:0 a.m.73 views

📄 Economizzer 0.9-beta1 Session Invalidation

Economizzer version 0.9-beta1 fails to properly invalidate user sessions. A session management vulnerability exists in gugoan's Economizzer v.0.9-beta1. The application fails to properly invalidate user sessions upon logout or other session termination events. As a result, a valid session remains...

7.3AI score
Exploits0
Packet Storm
Packet Storm
added 2025/05/19 12:0 a.m.88 views

📄 Economizzer 0.9-beta1 Cross Site Scripting

Economizzer version 0.9-beta1 suffers from multiple persistent cross site scripting vulnerabilities. A persistent cross-site scripting XSS vulnerability exists in gugoan's Economizzer v.0.9-beta1 The application fails to properly sanitize user-supplied input when creating a new cash book entry vi...

6.8AI score
Exploits0
OSV
OSV
added 2023/09/28 6:30 a.m.19 views

GHSA-H3QF-V68R-35JG Economizzer user enumeration vulnerability

The commit 3730880 April 2023 and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when it's not. This may allow an attacker to determine whether a user or...

5.3CVSS5.2AI score0.00636EPSS
Exploits1References5
OSV
OSV
added 2023/09/28 6:30 a.m.14 views

GHSA-896V-PH5W-379H Economizzer Insecure Direct Object Reference vulnerability

An Insecure Direct Object Reference IDOR vulnerability in gugoan Economizzer commit 3730880 April 2023 and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment...

3.7CVSS4AI score0.00599EPSS
Exploits1References5
OSV
OSV
added 2023/09/28 6:30 a.m.12 views

GHSA-HQP9-MRJW-7QQ2 Economizzer host header injection vulnerability

A host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 April 2023. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server...

8.8CVSS8.7AI score0.00881EPSS
Exploits1References5
OSV
OSV
added 2023/09/28 6:30 a.m.13 views

GHSA-PQ98-6HF6-3RJ3 Economizzer remote code execution vulnerability

A remote code execution RCE vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 April 2023. A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and...

8.8CVSS9.2AI score0.28487EPSS
Exploits1References5
OSV
OSV
added 2023/09/28 6:30 a.m.22 views

GHSA-GC95-5MMP-MP6J Economizzer vulnerable to Clickjacking

The commit 3730880 April 2023 and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were...

6.5CVSS6.3AI score0.00634EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2023/09/28 6:30 a.m.20 views

Economizzer host header injection vulnerability

A host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 April 2023. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server...

8.8CVSS7.3AI score0.00881EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/28 6:30 a.m.19 views

Economizzer remote code execution vulnerability

A remote code execution RCE vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 April 2023. A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and...

8.8CVSS8.4AI score0.28487EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder