CVE-2026-43872

Actual is an open-source personal finance application. Prior to version 26.5.0, several endpoints are affected by a path traversal vulnerability. Version 26.5.0 fixes the issue...

CVE-2026-43872 actual-server has a path traversal vulnerability

Actual is an open-source personal finance application. Prior to version 26.5.0, several endpoints are affected by a path traversal vulnerability. Version 26.5.0 fixes the issue...

EUVD-2026-36548

Actual is an open-source personal finance application. Prior to version 26.5.0, several endpoints are affected by a path traversal vulnerability. Version 26.5.0 fixes the issue...

PT-2026-48964

Name of the Vulnerable Software and Affected Versions Actual versions prior to 26.5.0 Description Several endpoints in this open-source personal finance application are affected by path traversal, a condition where an attacker can access files and directories that are stored outside the web root...

Yet Another Free Financial Application 安全漏洞

Yet Another Free Financial Application is a self-hosted web application for personal financial management and planning developed by Kantorgge’s individual developers. Version 2.0.0 of Yet Another Free Financial Application contains a security vulnerability. This vulnerability stems from the “Add...

EUVD-2024-1910

Malicious code in bioql PyPI...

Economizzer Security Vulnerabilities

Economizzer is a simple and open source personal finance management system using PHP Yii Framework 2 by Gustavo G. Andrade, an individual developer. A security vulnerability exists in Economizzer v.0.9-beta1, which stems from an insecure direct object reference vulnerability that could allow an...

Economizzer Security Vulnerabilities

Economizzer is a simple and open source personal finance management system using PHP Yii Framework 2 by Gustavo G. Andrade, an individual developer. A security vulnerability exists in Economizzer v.0.9-beta1, which is vulnerable to clickjacking attacks...

They Were ‘Calling to Help.’ Then They Stole Thousands

When my mom fell victim to a phone scam, we learned a painful truth: The explosion of personal finance apps makes it all too easy to target vulnerable people...

firefly-iii Cross-Site Request Forgery Vulnerability

firefly-iii is a free open source personal finance manager. A cross-site request forgery vulnerability exists in firefly-ii, which can be exploited by attackers to launch cross-site request forgery CSRF attacks...

firefly-iii 跨站请求伪造漏洞

firefly-iii is a free open source personal finance manager. A cross-site request forgery vulnerability exists in firefly-ii, which can be exploited by attackers to launch cross-site request forgery CSRF attacks...

firefly-iii Cross-site Request Forgery Vulnerability (CNVD-2022-19846)

firefly-iii is a free and open source personal finance software. firefly-iii suffers from a cross-site request forgery vulnerability, which originates when a WEB application does not sufficiently validate that a request is from a trusted user, and can be exploited by an attacker to send an...

firefly-iii 代码问题漏洞

firefly-iii is a free and open source personal finance manager. firefly-iii suffers from a code issue vulnerability that stems from the program being vulnerable to an unrestricted upload of dangerous types of files. No detailed vulnerability details are currently available...

firefly-iii 跨站请求伪造漏洞

firefly-iii is a free open source personal finance manager. A cross-site request forgery vulnerability exists in firefly-iii, which can be exploited by an attacker to send unintended requests to the server...

firefly-iii Cross-site Request Forgery Vulnerability (CNVD-2021-101213)

firefly-iii is a free and open source personal finance manager. firefly-iii suffers from a cross-site request forgery vulnerability, which can be exploited by attackers to conduct cross-site request forgery attacks...

firefly-iii Cross-site Request Forgery Vulnerability (CNVD-2021-101215)

firefly-iii is a free and open source personal finance manager. firefly-iii is vulnerable to cross-site request forgery, and no detailed vulnerability details are currently available...

firefly-iii 跨站请求伪造漏洞

firefly-iii is a free and open source personal finance manager. firefly-iii suffers from a cross-site request forgery vulnerability, which can be exploited by attackers to conduct cross-site request forgery attacks...

Firefly III Cross-Site Scripting Vulnerability (CNVD-2019-30452)

Firefly III is a free, open source, self-hosted personal finance manager. A stored cross-site scripting vulnerability exists in Firefly III 4.7.17.3. The vulnerability stems from a lack of filtering of user-supplied data in the asset account name field. An attacker can exploit the vulnerability t...

Firefly III Cross-Site Scripting Vulnerability (CNVD-2019-30779)

Firefly III is an open source personal financial management system. A cross-site scripting vulnerability exists in Firefly III versions prior to 4.7.17.3, which can be exploited by an attacker to execute client-side code...

MoneyWiz 2 ~ Personal Finance - Dangerous filesystem permissions, Exported ContentProvider, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application MoneyWiz 2 Personal Finance published at the 'play' market has multiple vulnerabilities...