Lucene search
K

718 matches found

Nuclei
Nuclei
added 14 hours ago13 views

WP Finance Plugin <= 1.3.6 - Cross-Site Scripting

WP Finance WordPress plugin = 1.3.6 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before output, letting attackers execute scripts in high privilege users' browsers, exploit requires victim to click a malicious link. id: CVE-2024-13097 info:...

5.4CVSS7AI score0.00674EPSS
Exploits1References2
NVD
NVD
added last week8 views

CVE-2026-50179

Actual is a local-first personal finance tool. Prior to 26.6.0, exportToCSV and exportQueryToCSV in packages/loot-core/src/server/transactions/export/export-to-csv.ts pass user-controlled Payee, Notes, Account, and Category strings to csv-stringify with no cast callback and no formula-prefix...

4.2CVSS0.00286EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:58 p.m.6 views

CVE-2026-50179

Actual is a local-first personal finance tool. Prior to 26.6.0, exportToCSV and exportQueryToCSV in packages/loot-core/src/server/transactions/export/export-to-csv.ts pass user-controlled Payee, Notes, Account, and Category strings to csv-stringify with no cast callback and no formula-prefix...

4.2CVSS6AI score0.00286EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.6 views

PT-2026-56243

Name of the Vulnerable Software and Affected Versions Actual versions prior to 26.7.0 Description A missing authorization issue allows a shared user with user access on a budget file to perform file management actions reserved for the owner or an administrator. This occurs because the...

7.2CVSS6.1AI score0.00246EPSS
Exploits0References10
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-398 llama-index-packs-finchat SQL Injection vulnerability

A vulnerability in the FinanceChatLlamaPack of the llama-index-packs-finchat package, versions up to v0.3.0, allows for SQL injection in the runsqlquery function of the databaseagent. This vulnerability can be exploited by an attacker to inject arbitrary SQL queries, leading to remote code...

10CVSS8AI score0.01311EPSS
Exploits1References7
The Hacker News
The Hacker News
added 2026/06/15 7:32 p.m.20 views

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with a persistent North Korean threat cluster known as Contagious Interview aka Famous Chollima, HexagonalRodent, and Void Dokkaebi. According to a report published by Proofpoint, the threat actor has...

6.9AI score
Exploits0
NVD
NVD
added 2026/06/12 8:16 p.m.14 views

CVE-2026-43872

Actual is an open-source personal finance application. Prior to version 26.5.0, several endpoints are affected by a path traversal vulnerability. Version 26.5.0 fixes the issue...

5.3CVSS0.00303EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 7:5 p.m.10 views

EUVD-2026-36548

Actual is an open-source personal finance application. Prior to version 26.5.0, several endpoints are affected by a path traversal vulnerability. Version 26.5.0 fixes the issue...

5.3CVSS5.3AI score0.00303EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 7:5 p.m.6 views

CVE-2026-43872 actual-server has a path traversal vulnerability

Actual is an open-source personal finance application. Prior to version 26.5.0, several endpoints are affected by a path traversal vulnerability. Version 26.5.0 fixes the issue...

5.3CVSS5.3AI score0.00303EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 6:58 p.m.12 views

EUVD-2026-36547

Actual is an open-source personal finance application. In the macOS desktop application version 25.x built on Electron 39.2.7, the ELECTRONRUNASNODE fuse is not disabled, allowing an attacker who can place a file on disk or control command-line arguments to invoke the signed Actual.app binary wit...

4.8CVSS5.6AI score0.00126EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48964

Name of the Vulnerable Software and Affected Versions Actual versions prior to 26.5.0 Description Several endpoints in this open-source personal finance application are affected by path traversal, a condition where an attacker can access files and directories that are stored outside the web root...

5.3CVSS5.3AI score0.00303EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.9 views

CVE-2026-34306

Vulnerability in the PeopleSoft Enterprise FIN Project Costing product of Oracle PeopleSoft component: Projects. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN...

6.5CVSS7.3AI score0.00261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.10 views

CVE-2026-34300

Vulnerability in the PeopleSoft Enterprise FIN Contracts product of Oracle PeopleSoft component: Contracts. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Contracts...

6.5CVSS7.3AI score0.00291EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/06/02 9:5 a.m.12 views

Pakistan-Linked SideCopy Targets Afghanistan Finance Ministry with Xeno RAT

Cybersecurity researchers have disclosed details of a spear-phishing campaign likely undertaken by the Pakistan-aligned SideCopy group targeting Afghanistan's Ministry of Finance with an open-source remote access trojan called Xeno RAT. "The campaign opens with a spear phishing delivery - a ZIP...

6AI score
Exploits0
OSV
OSV
added 2026/05/21 1:6 a.m.7 views

MAL-2026-4666 Malicious code in seedcode-facturacion-electronica (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 366dad27b664f3be411dc07609ee2f6f6b73a3cbc179d7c0105f20ce8bc77d3e The package advertises itself as a client for submitting El Salvador electronic invoices DTEs directly to the Ministerio de Hacienda. In practice, th...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/21 12:0 a.m.13 views

Malicious code in defi-threat-scanner (npm)

A coordinated supply-chain attack comprising 10 npm packages published by maintainer ddjidd5640 [email protected] within a 48-hour window 2026-05-19T03:55Z – 2026-05-21T04:31Z. All packages masquerade as legitimate Web3/DeFi developer security tools MCP servers while silently exfiltrating...

5.8AI score
Exploits0References16
OSV
OSV
added 2026/05/21 12:0 a.m.10 views

MAL-2026-4219 Malicious code in wallet-security-checker (npm)

A coordinated supply-chain attack comprising 10 npm packages published by maintainer ddjidd5640 [email protected] within a 48-hour window 2026-05-19T03:55Z – 2026-05-21T04:31Z. All packages masquerade as legitimate Web3/DeFi developer security tools MCP servers while silently exfiltrating...

5.8AI score
Exploits0References14
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/18 2:14 p.m.12 views

Malicious code in zentra-finance (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b833dfa46f91b8537af5e04715675ef60a49270099067e825bdfcef719f564d The package zentra-finance was found to contain malicious code. Source: ghsa-malware 228654b7f668112317f2dd72a3aaf2d32bdaf470caa1d55d060f31c737ac2dd1...

5.8AI score
Exploits0References1
Snyk
Snyk
added 2026/05/18 2:14 p.m.6 views

Malicious Package

Overview zentra-finance is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/18 2:14 p.m.9 views

MAL-2026-3832 Malicious code in zentra-finance (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b833dfa46f91b8537af5e04715675ef60a49270099067e825bdfcef719f564d The package zentra-finance was found to contain malicious code. Source: ghsa-malware 228654b7f668112317f2dd72a3aaf2d32bdaf470caa1d55d060f31c737ac2dd1...

5.8AI score
Exploits0References1
Rows per page
Query Builder