45 matches found

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2023-2505

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.00634
Exploits: 1 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-42642

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.1 | EPSS 0.00825
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2023-2516

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.5 | EPSS 0.00636
Exploits: 1 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2023-2464

Malicious code in bioql PyPI...

CVSS 3.7 | AI score 4.8 | EPSS 0.00599
Exploits: 1 | References: 5

RedhatCVE
added 2025/05/23 4:9 a.m. | 4 views

CVE-2023-38872

An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment...

CVSS 3.7 | AI score 6.9 | EPSS 0.00599
Exploits: 1

RedhatCVE
added 2025/05/23 4:9 a.m. | 6 views

CVE-2023-38870

A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'categoryid' parameter is vulnerable to SQL Injection...

CVSS 9.8 | AI score 7.8 | EPSS 0.00825
Exploits: 1

RedhatCVE
added 2025/05/23 4:9 a.m. | 9 views

CVE-2023-38873

The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were...

CVSS 6.5 | AI score 6.8 | EPSS 0.00634
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 2:20 a.m. | 10 views

CVE-2023-38871

The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when it's not. This may allow an attacker to determine whether a user or...

CVSS 5.3 | AI score 6.9 | EPSS 0.00636
Exploits: 1 | References: 1

OSV
added 2023/09/28 6:30 a.m. | 12 views

GHSA-HQP9-MRJW-7QQ2: Economizzer host header injection vulnerability

A host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server...

CVSS 8.8 | AI score 8.7 | EPSS 0.00881
Exploits: 1 | References: 5

OSV
added 2023/09/28 6:30 a.m. | 19 views

GHSA-H3QF-V68R-35JG: Economizzer user enumeration vulnerability

The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when it's not. This may allow an attacker to determine whether a user or...

CVSS 5.3 | AI score 5.2 | EPSS 0.00636
Exploits: 1 | References: 5

OSV
added 2023/09/28 6:30 a.m. | 13 views

GHSA-PQ98-6HF6-3RJ3: Economizzer remote code execution vulnerability

A remote code execution (RCE) vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and...

CVSS 8.8 | AI score 9.2 | EPSS 0.28487
Exploits: 1 | References: 5

Github Security Blog
added 2023/09/28 6:30 a.m. | 18 views

Economizzer host header injection vulnerability

A host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server...

CVSS 8.8 | AI score 7.3 | EPSS 0.00881
Exploits: 1 | References: 6 | Affected Software: 1

Github Security Blog
added 2023/09/28 6:30 a.m. | 19 views

Economizzer remote code execution vulnerability

A remote code execution (RCE) vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and...

CVSS 8.8 | AI score 8.4 | EPSS 0.28487
Exploits: 1 | References: 6 | Affected Software: 1

ATTACKERKB
added 2023/09/28 4:15 a.m. | 5 views

CVE-2023-38873

The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were...

CVSS 6.5 | AI score 5.8 | EPSS 0.00634
Exploits: 1 | References: 4

ATTACKERKB
added 2023/09/28 4:15 a.m. | 3 views

CVE-2023-38871

The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when it's not. This may allow an attacker to determine whether a user or...

CVSS 5.3 | AI score 5.8 | EPSS 0.00636
Exploits: 1 | References: 4

NVD
added 2023/09/28 4:15 a.m. | 27 views

CVE-2023-38874

A remote code execution (RCE) vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and...

CVSS 8.8 | AI score 9.2 | EPSS 0.28487
Exploits: 1 | References: 3

OSV
added 2023/09/28 4:15 a.m. | 23 views

CVE-2023-38873

The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were...

CVSS 6.5 | AI score 7 | EPSS 0.00634
Exploits: 1 | References: 3

OSV
added 2023/09/28 4:15 a.m. | 26 views

CVE-2023-38874

A remote code execution (RCE) vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and...

CVSS 8.8 | AI score 8.6 | EPSS 0.28487
Exploits: 1 | References: 3

OSV
added 2023/09/28 4:15 a.m. | 22 views

CVE-2023-38871

The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when it's not. This may allow an attacker to determine whether a user or...

CVSS 5.3 | AI score 7.2 | EPSS 0.00636
Exploits: 1 | References: 3

ATTACKERKB
added 2023/09/28 4:15 a.m. | 5 views

CVE-2023-38870

A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'categoryid' parameter is vulnerable to SQL Injection...

CVSS 9.8 | AI score 5.8 | EPSS 0.00825
Exploits: 1 | References: 4