26 matches found
CVE-2019-25756
Joomla! Component vAccount 2.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vid parameter. Attackers can send GET requests to the vaccount-dashboard/expense endpoint with crafted SQL payloa...
EUVD-2026-34175
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache buster parameters in HTML output, bypassing the hideversionpublic security setting. The FOSSBilling version is embedded in the query string of every a...
CVE-2026-40495
FOSSBilling prior to 0.8.0 leaks the exact system version via asset cache buster parameters in HTML output. The version is embedded in the query string of every [removed] and tag created by the script_tag and stylesheet_tag Twig filters, making it visible to all visitors, including unauthenticat...
CVE-2026-40495 FOSSBilling version exposed via asset cache buster
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache buster parameters in HTML output, bypassing the hideversionpublic security setting. The FOSSBilling version is embedded in the query string of every a...
CVE-2026-40495
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache buster parameters in HTML output, bypassing the hideversionpublic security setting. The FOSSBilling version is embedded in the query string of every...
CVE-2026-40495 FOSSBilling version exposed via asset cache buster
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache buster parameters in HTML output, bypassing the hideversionpublic security setting. The FOSSBilling version is embedded in the query string of every a...
CVE-2026-42051
CVE-2026-42051 affects Kirby CMS. The issue: the /api/system endpoint exposed installed Kirby version and license data to authenticated users due to missing authorization. It is patched in Kirby 4.9.0 and 5.4.0, with the fix enforcing the access.system permission to restrict exposure. Impact is а...
Curl 7.33.0 < 8.19.0 Token Leak with Redirect and Netrc
The version of curl installed on the remote host is 7.33.0 prior to 8.19.0. It is, therefore, affected by a token leak with redirect and netrc vulnerability: - When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a redirect to a second URL, curl could leak that...
EUVD-2002-0405
Malware in sbrugna...
EUVD-2002-0242
Malware in sbrugna...
EUVD-2002-0863
Malware in sbrugna...
EUVD-2002-2170
Malware in sbrugna...
EUVD-2023-37456
Malicious code in bioql PyPI...
EUVD-2022-44937
Malicious code in bioql PyPI...
EUVD-2025-24820
Malicious code in bioql PyPI...
EUVD-2023-42802
Malicious code in bioql PyPI...
EUVD-2022-34105
Malicious code in bioql PyPI...
EUVD-2024-50409
Malicious code in bioql PyPI...
SUSE: Security Advisory (SUSE-SU-2025:01939-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-26691
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission...