14 matches found
EUVD-2026-39542
Bitwarden Server before 2026.5.0 contains a broken access control vulnerability that allows any authenticated user to access arbitrary organization billing data by supplying an arbitrary organizationId to the PreviewInvoiceController endpoints without membership or authorization checks. Attackers...
Exploit for CVE-2026-54596
CVE-2026-54596 - Authenticated SQL Injection via recurringinv...
CVE-2026-7093
A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to b...
CVE-2026-7093
A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to b...
EUVD-2026-25782
A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to b...
CVE-2026-7093
A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to b...
CVE-2026-7093 code-projects Invoice System in Laravel Invoice Endpoint invoice improper authorization
A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to b...
CVE-2026-7093
CVE-2026-7093 affects the code-projects Invoice System in Laravel 1.0 . The vulnerability exists in the Invoice Endpoint, specifically an unspecified function under the path /invoice/ where manipulating the argument ID leads to improper authorization. It is a network‑accessible issue with LOW to ...
PT-2026-35361
A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to b...
CVE-2025-9168 SolidInvoice Invoice Creation invoice cross site scripting
A vulnerability was found in SolidInvoice up to 2.4.0. This issue affects some unknown processing of the file /invoice of the component Invoice Creation Module. The manipulation of the argument Client Name results in cross site scripting. The attack may be launched remotely. The exploit has been...
CVE-2025-27980
The set of connected records confirm CVE-2025-27980 affects CashBook v4.0.3, where an arbitrary file read is possible through the API endpoint /api/entry/flow/invoice/show?invoice=. The vulnerability exposes confidential data (CVE metrics indicate Confidentiality Impact: High, Integrity: Low, Ava...
PT-2024-39097 · Unknown · Sourcecodester Simple Invoice Generator System
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Invoice Generator System version 1.0 Description: A critical issue was found in the system, affecting an unknown function of the file /save invoice.php. The manipulation of the arguments invoice code, customer, cashier,...
CVE-2024-1294
The Sunshine Photo Cart: Free Client Galleries for Photographers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.24 via the 'invoice'. This makes it possible for unauthenticated attackers to extract sensitive data including customer...
CVE-2022-29749
Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=deleteinvoice...