9 matches found
MAL-2026-4666 Malicious code in seedcode-facturacion-electronica (npm)
Source: amazon-inspector 366dad27b664f3be411dc07609ee2f6f6b73a3cbc179d7c0105f20ce8bc77d3e The package advertises itself as a client for submitting El Salvador electronic invoices (DTEs) directly to the Ministerio de Hacienda. In practice, th...
EUVD-2026-23356
The LatePoint plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.3.2. The vulnerability exists because the OsStripeConnectController::createpaymentintentfortransaction action is registered as a public action (no authentication required) an...
CVE-2025-64012
InvoicePlane commit debb446c is vulnerable to Incorrect Access Control. The invoices/view handler fails to verify ownership before returning invoice data...
InvoicePlane Security Vulnerability
InvoicePlane is an application from InvoicePlane Open Source. It provides a self-hosted open source application for managing quotes, invoices, customers and payments. InvoicePlane suffers from a security vulnerability that stems from improper access control and could lead to invoice data leakag...
Barts Health NHS Confirms Cl0p Ransomware Behind Data Breach
Barts Health NHS confirms Cl0p ransomware breach via Oracle flaw. Invoice data exposed. Patient records and clinical systems remain unaffected...
WordPress VikRentCar Car Rental Management System plugin <= 1.3.2 - Sensitive Data Exposure via Invoices vulnerability
Sensitive Data Exposure via Invoices vulnerability discovered by Steven Julian (Patchstack Alliance) in WordPress Plugin VikRentCar (versions <= 1.3.2)...
Webkul Software Bagisto Security Vulnerability
Webkul Software Bagisto is an open source e-commerce framework from Indian company Webkul Software. A security vulnerability exists in Webkul Software Bagisto version v.1.5.0, which stems from an insecure direct object reference (IDOR) issue that allows an attacker to obtain sensitive information v...
PT-2024-12552 · Bagisto · Bagisto
Name of the Vulnerable Software and Affected Versions: Bagisto versions 1.5.0 through 1.5.1. Description: The issue allows an attacker to obtain sensitive information via the invoice ID parameter, which is an example of an Insecure Direct Object Reference (IDOR). This means that an attacker can...
InvoicePlane 1.4.10 File Upload / Cross Site Scripting Vulnerabilities
InvoicePlane version 1.4.10 suffers from cross-site scripting and remote file upload vulnerabilities. title: Arbitrary File Upload & Stored XSS; product: InvoicePlane; vulnerable version: 1.4.10; fixed version: 1.5.2; CVE number: -; impact: High; homepage: https://invoiceplane.com/; found: 2017-04-10 by...