CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/06/12 8:16 p.m.•10 views

CVE-2026-43872

Actual is an open-source personal finance application. Prior to version 26.5.0, several endpoints are affected by a path traversal vulnerability. Version 26.5.0 fixes the issue...

5.3CVSS0.00303EPSS

Vulnrichment•added 2026/06/12 7:5 p.m.•4 views

CVE-2026-43872 actual-server has a path traversal vulnerability

Actual is an open-source personal finance application. Prior to version 26.5.0, several endpoints are affected by a path traversal vulnerability. Version 26.5.0 fixes the issue...

5.3CVSS5.3AI score0.00303EPSS

EUVD•added 2026/06/12 7:5 p.m.•7 views

EUVD-2026-36548

Actual is an open-source personal finance application. Prior to version 26.5.0, several endpoints are affected by a path traversal vulnerability. Version 26.5.0 fixes the issue...

5.3CVSS5.3AI score0.00303EPSS

EUVD•added 2026/06/12 6:58 p.m.•8 views

EUVD-2026-36547

Actual is an open-source personal finance application. In the macOS desktop application version 25.x built on Electron 39.2.7, the ELECTRONRUNASNODE fuse is not disabled, allowing an attacker who can place a file on disk or control command-line arguments to invoke the signed Actual.app binary wit...

4.8CVSS5.6AI score0.00126EPSS

Positive Technologies•added 2026/06/12 12:0 a.m.•14 views

PT-2026-48964

Name of the Vulnerable Software and Affected Versions Actual versions prior to 26.5.0 Description Several endpoints in this open-source personal finance application are affected by path traversal, a condition where an attacker can access files and directories that are stored outside the web root...

5.3CVSS5.3AI score0.00303EPSS

Exploits0References4

RedhatCVE•added 2026/06/05 7:38 p.m.•7 views

CVE-2026-34306

Vulnerability in the PeopleSoft Enterprise FIN Project Costing product of Oracle PeopleSoft component: Projects. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN...

6.5CVSS7.3AI score0.00261EPSS

RedhatCVE•added 2026/06/05 7:38 p.m.•8 views

CVE-2026-34300

Vulnerability in the PeopleSoft Enterprise FIN Contracts product of Oracle PeopleSoft component: Contracts. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Contracts...

6.5CVSS7.3AI score0.00291EPSS

The Hacker News•added 2026/06/02 9:5 a.m.•9 views

Pakistan-Linked SideCopy Targets Afghanistan Finance Ministry with Xeno RAT

Cybersecurity researchers have disclosed details of a spear-phishing campaign likely undertaken by the Pakistan-aligned SideCopy group targeting Afghanistan's Ministry of Finance with an open-source remote access trojan called Xeno RAT. "The campaign opens with a spear phishing delivery - a ZIP...

6AI score

OSV•added 2026/05/21 1:6 a.m.•4 views

MAL-2026-4666 Malicious code in seedcode-facturacion-electronica (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 366dad27b664f3be411dc07609ee2f6f6b73a3cbc179d7c0105f20ce8bc77d3e The package advertises itself as a client for submitting El Salvador electronic invoices DTEs directly to the Ministerio de Hacienda. In practice, th...

OSSF Malicious Packages•added 2026/05/21 12:0 a.m.•10 views

Malicious code in defi-threat-scanner (npm)

A coordinated supply-chain attack comprising 10 npm packages published by maintainer ddjidd5640 [email protected] within a 48-hour window 2026-05-19T03:55Z – 2026-05-21T04:31Z. All packages masquerade as legitimate Web3/DeFi developer security tools MCP servers while silently exfiltrating...

OSV•added 2026/05/21 12:0 a.m.•4 views

Exploits0References16

MAL-2026-4219 Malicious code in wallet-security-checker (npm)

Snyk•added 2026/05/18 2:14 p.m.•4 views

Exploits0References14

Malicious Package

Overview zentra-finance is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score

OSSF Malicious Packages•added 2026/05/18 2:14 p.m.•10 views

Malicious code in zentra-finance (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b833dfa46f91b8537af5e04715675ef60a49270099067e825bdfcef719f564d The package zentra-finance was found to contain malicious code. Source: ghsa-malware 228654b7f668112317f2dd72a3aaf2d32bdaf470caa1d55d060f31c737ac2dd1...

OSV•added 2026/05/18 2:14 p.m.•4 views

MAL-2026-3832 Malicious code in zentra-finance (npm)

Trend Micro Simply Security•added 2026/05/11 12:0 a.m.•6 views

Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America

TrendAI™ Research has identified two emerging threat campaigns—SHADOW-AETHER-040 and SHADOW-AETHER-064—that use agentic AI to drive intrusion operations against government and financial organizations in Latin America, marking these among the first cases we have observed of AI agents executing...

HackRead•added 2026/05/06 1:42 p.m.•7 views

Building Strategic Advantage With Integrated Planning

Siloed planning slows decisions and hides risk. Integrated business planning connects finance, demand, supply, and strategy into a single disciplined cycle...

Imperva Blog•added 2026/04/29 7:3 a.m.•3 views

Bad Bot Report 2026: The Internet Is No Longer Human and It’s Changing How Business Works

For decades, companies have operated on a simple assumption that most internet traffic came from people. That assumption no longer holds. The latest 2026 Bad Bot Report: Bad Bots in the Agentic Age reinforces a shift that is now impossible to ignore. Automated traffic continues to outpace human...

5.9AI score