Lucene search
+L

23 matches found

cve
cve
added 2026/07/06 10:30 p.m.14 views

CVE-2026-53640

CVE-2026-53640 (FOSSBilling) affects the FOSSBilling project prior to version 0.8.0, where low-privileged staff could read sensitive data via admin API endpoints that lack proper authorization checks on read operations. The issue contrasts with write endpoints that have fine-grained permissions, ...

2.3CVSS6AI score0.00226EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/07/06 12:0 a.m.13 views

PT-2026-56039

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.5.6 through 0.7.2 Description When a ClientPasswordReset record already exists for a client from a previous unexpired request, subsequent calls to the reset password guest API endpoint reuse the existing token instead of...

7.7CVSS6AI score0.00215EPSS
Exploits1References5
cvelist
cvelist
added 2026/06/23 2:25 p.m.40 views

CVE-2026-27604 FOSSBilling: Improper API Role Validation (system) Enables Unauthenticated Access to Privileged Admin Functions

FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization bypass in the API role handling allows unauthenticated access to privileged /api/system/ endpoints. Because system resolves to the cron admin identity,...

10CVSS0.00408EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/04 12:46 p.m.9 views

CVE-2026-43926 FOSSBilling's password reset confirmation endpoint lacks rate limiting

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint /client/reset-password-confirm/:hash is handled by a non-API controller and is not covered by FOSSBilling's rate limiter, which only applies to /api/ routes...

6.3CVSS5.8AI score0.00217EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/04 12:46 p.m.41 views

CVE-2026-43926 FOSSBilling's password reset confirmation endpoint lacks rate limiting

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint /client/reset-password-confirm/:hash is handled by a non-API controller and is not covered by FOSSBilling's rate limiter, which only applies to /api/ routes...

6.3CVSS0.00217EPSS
Exploits0References2
euvd
euvd
added 2026/04/29 6:0 p.m.7 views

EUVD-2026-26273

A security flaw has been discovered in NousResearch hermes-agent 0.8.0. This affects the function checksensitivepath of the file tools/filetools.py. The manipulation results in symlink following. Attacking locally is a requirement. The exploit has been released to the public and may be used for...

4.8CVSS4.7AI score0.00138EPSS
Exploits0References8
osv
osv
added 2026/04/12 3:30 a.m.14 views

GHSA-R5V8-C28H-F8R8 MetaGPT affected by server-side request forgery in metagpt/utils/common.py

A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.2. This impacts the function decodeimage of the file metagpt/utils/common.py. The manipulation of the argument imgurlorb64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit ha...

6.3CVSS6.2AI score0.00263EPSS
Exploits1References7
nvd
nvd
added 2026/04/06 5:17 p.m.6 views

CVE-2026-34975

Plunk is an open-source email platform built on top of AWS SES. Prior to 0.8.0, a CRLF header injection vulnerability was discovered in SESService.ts, where user-supplied values for from.name, subject, custom header keys/values, and attachment filenames were interpolated directly into raw MIME...

8.5CVSS0.00194EPSS
Exploits2References1
cvelist
cvelist
added 2026/04/06 4:10 p.m.21 views

CVE-2026-34975 Plunk has a CRLF Email Header Injection in raw MIME message construction allows authenticated API user to inject arbitrary email headers

Plunk is an open-source email platform built on top of AWS SES. Prior to 0.8.0, a CRLF header injection vulnerability was discovered in SESService.ts, where user-supplied values for from.name, subject, custom header keys/values, and attachment filenames were interpolated directly into raw MIME...

8.5CVSS0.00194EPSS
Exploits2References1
vulnrichment
vulnrichment
added 2026/04/01 5:2 p.m.2 views

CVE-2026-34222 Open WebUI has Broken Access Control in Tool Valves

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.11, there is a broken access control vulnerability in tool values. This issue has been patched in version 0.8.11...

7.7CVSS5.8AI score0.05271EPSS
Exploits1References2
cnnvd
cnnvd
added 2026/03/20 12:0 a.m.9 views

pinchtab 代码问题漏洞

Pinchtab is an open-source AI proxy browser control tool developed by Pinchtab. Versions of Pinchtab 0.8.2 and earlier contained code vulnerabilities. These vulnerabilities were caused by blind server-side request forgery in the download endpoint, which could lead to access to internal network...

5.8CVSS6.5AI score0.00289EPSS
Exploits1References2
euvd
euvd
added 2026/01/19 8:47 p.m.7 views

EUVD-2026-3285

CrawlChat is an open-source, AI-powered platform that transforms technical documentation into intelligent chatbots. Prior to version 0.0.8, a non-existing permission check for the CrawlChat's Discord bot allows non-manage guild users to put malicious content onto the collection knowledge base...

7.1CVSS5.5AI score0.00196EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2025/12/15 12:0 a.m.11 views

PT-2025-51194

In the Eclipse OMR compiler component, since release 0.7.0, an optimization enabled for Eclipse OpenJ9 consumers of OMR on Z processors incorrectly handles NUL 0x00 characters during the Latin-compatible charset UTF-8, ISO8859-1, ASCII, etc to IBM-1047/037 translation sequence. This can cause the...

6.9CVSS6.8AI score0.0026EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-28122

Malicious code in bioql PyPI...

8.6CVSS6.4AI score0.00415EPSS
Exploits1References4
cvelist
cvelist
added 2025/08/21 12:0 a.m.10 views

CVE-2025-55524

Insecure permissions in Agent-Zero v0.8. allow attackers to arbitrarily reset the system via unspecified vectors...

0.00323EPSS
Exploits1References2
osv
osv
added 2025/04/06 10:15 p.m.5 views

CVE-2025-3323

A vulnerability classified as critical was found in godcheese/code-projects Nimrod 0.8. Affected by this vulnerability is the function searchAllByName of the file ViewMenuCategoryRestController.java. The manipulation of the argument Name leads to sql injection. The attack can be launched remotely...

8.8CVSS5.8AI score0.00502EPSS
Exploits1References4
ossf
ossf
added 2025/03/28 1:5 p.m.7 views

Malicious code in 0-8 (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
cnnvd
cnnvd
added 2024/07/30 12:0 a.m.7 views

mini-deep-assign 安全漏洞

mini-deep-assign is a library by Alexander Personal Developer. A security vulnerability exists in mini-deep-assign version v0.0.8. An attacker can exploit this vulnerability to execute arbitrary code or cause a denial of service and other impact via the assign method at /lib/index.js:91...

9.8CVSS7.7AI score0.00973EPSS
Exploits1References2
attackerkb
attackerkb
added 2022/08/30 10:15 p.m.11 views

CVE-2022-36747

Razor v0.8.0 was discovered to contain a cross-site scripting XSS vulnerability via the function uploadchannel...

6.1CVSS5.6AI score0.00533EPSS
Exploits1References3
osv
osv
added 2022/04/13 2:15 p.m.7 views

CVE-2022-26643

An issue in EasyIO CPT Graphics v0.8 allows attackers to discover valid users in the application...

5.3CVSS5.8AI score
Exploits0References3
Rows per page
Query Builder