Skip to content

Menu
  • Home
Menu

CVE-2026-53645 – FOSSBilling’s missing self-edit prevention in staff permission management allows persistent privilege escalation

Posted on July 7, 2026

CVE ID :CVE-2026-53645 Published : July 6, 2026, 11:16 p.m. | 1 hour, 57 minutes ago Description :FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow a low-privileged…

CVE-2026-53644 – FOSSBilling’s missing order-state validation allows clients to read and reset API key secrets for non-active orders

Posted on July 7, 2026

CVE ID :CVE-2026-53644 Published : July 6, 2026, 11:16 p.m. | 1 hour, 57 minutes ago Description :FOSSBilling is a free, open-source billing and client management system. Versions 0.5.3 through 0.7.2 allow authenticated clients…

CVE-2026-53643 – FOSSBilling allows low-privileged staff accounts to perform unauthorized actions via admin API endpoints

Posted on July 7, 2026

CVE ID :CVE-2026-53643 Published : July 6, 2026, 11:16 p.m. | 1 hour, 57 minutes ago Description :FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow low-privileged staff…

CVE-2026-43921 – FOSSBilling vulnerable to arbitrary PHP code injection via unescaped config serialization

Posted on July 7, 2026

CVE ID :CVE-2026-43921 Published : July 6, 2026, 10:16 p.m. | 57 minutes ago Description :FOSSBilling is a free, open-source billing and client management system. Versions 0.6.10 through 0.7.2 have a PHP code…

CVE-2026-43918 – Suspended or inactive FOSSBilling accounts can retain or regain access through existing sessions, API tokens, and password reset flows

Posted on July 7, 2026

CVE ID :CVE-2026-43918 Published : July 6, 2026, 10:16 p.m. | 57 minutes ago Description :FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, when a client or…

CVE-2026-42204 – Coolify: Authenticated RCE via SHELL_SAFE_COMMAND_PATTERN regression → host root

Posted on July 7, 2026

CVE ID :CVE-2026-42204 Published : July 6, 2026, 10:16 p.m. | 57 minutes ago Description :Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.471 through 4.0.0-beta.473, a…

CVE-2026-42153 – Coolify: PostgreSQL Healthcheck Command Injection Allows Root Code Execution in Container

Posted on July 7, 2026

CVE ID :CVE-2026-42153 Published : July 6, 2026, 10:16 p.m. | 57 minutes ago Description :Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL healthcheck…

CVE-2026-34599 – Coolify: Authenticated Remote Code Execution in GetLogs Livewire Component

Posted on July 7, 2026

CVE ID :CVE-2026-34599 Published : July 6, 2026, 10:16 p.m. | 57 minutes ago Description :Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, there is…

CVE-2026-9085 – DNS Hijacking in TUBITAK BILGEM’s Pardus-Parental-Control

Posted on July 6, 2026

CVE ID :CVE-2026-9085 Published : July 5, 2026, 3:16 p.m. | 7 hours, 57 minutes ago Description :Incorrect Permission Assignment for Critical Resource, Improper Access Control vulnerability in TUBITAK BILGEM Software Technologies Research Institute…

CVE-2026-59509 – Unauthenticated arbitrary MongoDB collection read in cve-search

Posted on July 6, 2026

CVE ID :CVE-2026-59509 Published : July 5, 2026, 1:16 p.m. | 9 hours, 57 minutes ago Description :An unauthenticated improper input validation vulnerability in the POST /fetch_cve_data endpoint in cve-search. A remote attacker can…

Posts pagination

1 2 … 106 Next

Site map

  • About Us
  • Privacy Policy
  • Terms & Conditions of Use
©2026 | Design: Newspaperly WordPress Theme