Lucene search
K

6 matches found

CVE
CVE
added yesterday14 views

CVE-2026-53647

CVE-2026-53647 affects FOSSBilling 0.5.3–0.7.2 where the Guest serviceapikey/get_info endpoint is accessible without authentication. An unauthenticated caller with a valid API key can retrieve all custom_* fields stored in the key’s database record, potentially exposing pricing tiers, feature fla...

6.9CVSS5.9AI score0.00062EPSS
Exploits1References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-41947

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Guest API invoice/update endpoint is missing an authorization check present in other invoice-related endpoints, allowing an unauthenticated user with knowledge of an invoice hash to modify the...

7.7CVSS6AI score
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 9:1 p.m.18 views

CVE-2026-33543 FOSSBilling: Authentication bypass allows unauthenticated administrator creation

FOSSBilling is a free, open-source billing and client management system. Versions 0.7.2 and prior expose a guest API endpoint, /api/guest/staff/create, intended for initial administrator bootstrap. Due to a flawed admin-existence check, the endpoint remains usable after an administrator already...

9.3CVSS0.00289EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/07 1:46 p.m.4 views

CVE-2025-59716

ownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register/email/token endpoint. Because of insufficient validation of the supplied token in showPasswordForm, the server responds differently when an e-mail address corresponds to a valid pending guest user...

5.3CVSS7AI score0.00908EPSS
Exploits1References1
EUVD
EUVD
added 2025/11/05 12:0 a.m.6 views

EUVD-2025-37881

ownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register/email/token endpoint. Because of insufficient validation of the supplied token in showPasswordForm, the server responds differently when an e-mail address corresponds to a valid pending guest user...

5.3CVSS6.4AI score0.00908EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/12/13 12:0 a.m.5 views

PT-2023-32768 · Sourcecodester · Sourcecodester Wedding Guest E-Book

Name of the Vulnerable Software and Affected Versions: SourceCodester Wedding Guest e-Book version 1.0 Description: A vulnerability was found in SourceCodester Wedding Guest e-Book, affecting an unknown part of the file "/endpoint/add-guest.php". The manipulation of the name argument leads to...

6.1CVSS4.8AI score0.00579EPSS
Exploits0References6
Rows per page
Query Builder