CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

10 matches found

EUVD•added 2026/02/26 10:36 p.m.•2 views

EUVD-2026-8913

hoppscotch is an open source API development ecosystem. Prior to version 2026.2.0, any logged-in user can read, modify or delete another user's personal environment by ID. user-environments.resolver.ts:82-109, updateUserEnvironment mutation uses @UseGuardsGqlAuthGuard but is missing the @GqlUser...

8.3CVSS5.6AI score0.00022EPSS

Exploits1References2

RedhatCVE•added 2026/02/20 1:22 a.m.•1 views

CVE-2026-26270

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability exists in InvoicePlane latest version that allows an authenticated user with permissions to manage Invoice Groups to inject malicious JavaScript into...

5.4CVSS5.6AI score0.00011EPSS

Exploits0References1

NVD•added 2026/02/18 11:16 p.m.•3 views

CVE-2026-26270

5.4CVSS0.00011EPSS

Exploits0References2

Vulnrichment•added 2026/02/18 11:1 p.m.•3 views

CVE-2026-26270 InvoicePlane has Stored Cross-Site Scripting Issue in Identifier Formatting

5.4CVSS5.5AI score0.00011EPSS

Exploits0References2

OSV•added 2026/02/18 11:1 p.m.•2 views

CVE-2026-26270 InvoicePlane has Stored Cross-Site Scripting Issue in Identifier Formatting

5.4CVSS5.6AI score0.00011EPSS

Exploits0References4

Cvelist•added 2026/02/18 11:1 p.m.•19 views

CVE-2026-26270 InvoicePlane has Stored Cross-Site Scripting Issue in Identifier Formatting

5.4CVSS0.00011EPSS

Exploits0References2

CVE•added 2026/02/18 11:1 p.m.•8 views

CVE-2026-26270

CVE-2026-26270 affects InvoicePlane. A Stored XSS exists in the Identifier Format field, exploitable by an authenticated user with Invoice Group management permissions. The malicious script runs when users view the invoice list or the dashboard. A fix is available in Version 1.7.1. If your setup ...

5.4CVSS5.5AI score0.00011EPSS

Exploits0References2Affected Software1

CNNVD•added 2026/02/18 12:0 a.m.•3 views

InvoicePlane 跨站脚本漏洞

InvoicePlane is an open-source application developed by InvoicePlane. It provides a self-hosted open-source tool for managing your quotes, invoices, customers, and payments. Version 1.7.0 of InvoicePlane contains a cross-site scripting vulnerability. This vulnerability arises when authenticated...

5.4CVSS5.7AI score0.00011EPSS

Exploits0References2

Positive Technologies•added 2026/02/18 12:0 a.m.•0 views

PT-2026-20554

Name of the Vulnerable Software and Affected Versions InvoicePlane versions prior to 1.7.1 Description InvoicePlane is an open source application used for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS issue exists that allows an authenticated user with the necessary...

5.4CVSS5.4AI score0.00011EPSS

Exploits0References8