Lucene search
+L

4 matches found

cvelist
cvelist
added 2026/07/06 10:45 p.m.33 views

CVE-2026-53642 FOSSBilling: Unverified clients can access client-area pages when email confirmation is required

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when the "Require Email Confirmation" setting is enabled, a logged-in client with an unverified email address emailapproved = 0 can access all client-area pages e.g. /client/balance,...

5.3CVSS0.00226EPSS
Exploits0References1
cve
cve
added 2026/07/06 10:45 p.m.16 views

CVE-2026-53642

FOSSBilling versions 0.5.6–0.7.2 expose a page‑level access control flaw: when Require Email Confirmation is on, a logged‑in client with email_approved = 0 can access any /client/* page and read real account data (wallet balances, transaction history). The API enforces restrictions correctly to p...

5.3CVSS6AI score0.00226EPSS
Exploits0References1
osv
osv
added 2026/07/06 10:45 p.m.4 views

CVE-2026-53642 FOSSBilling: Unverified clients can access client-area pages when email confirmation is required

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when the "Require Email Confirmation" setting is enabled, a logged-in client with an unverified email address emailapproved = 0 can access all client-area pages e.g. /client/balance,...

5.3CVSS6AI score0.00226EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/02/09 12:0 a.m.12 views

PolarLearn 访问控制错误漏洞

PolarLearn is an online learning platform developed by PolarNL. Versions of PolarLearn prior to 0-PRERELEASE-16 contain access control vulnerability issues. This vulnerability stems from the use of WebSocket in group chats without the need for login, which may allow unverified clients to subscrib...

10CVSS5.8AI score0.00286EPSS
Exploits1References2
Rows per page
Query Builder