Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2024-56141 — Minosoft has IV equal to key

Minosoft is an open-source, multi-version Minecraft Java Edition client written in Kotlin. Starting in commit f1ae30e2b046a490026a8413b075685deb795122, the CryptManager  encryption routine ( CryptMan…

| Cryptography
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
7.7 HIGH
CVE-2026-53646 — FOSSBilling: Client password reset token reuse allows persistent account takeover

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when a `ClientPasswordReset` record already exists for a client (from a previous unexpired re…

Remote | Authentication
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
8.5 HIGH
CVE-2026-53645 — FOSSBilling's missing self-edit prevention in staff permission management allows persiste…

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow a low-privileged staff account to grant arbitrary module permissions to itself through the admin…

Remote | Authorization
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
8.6 HIGH
CVE-2026-53644 — FOSSBilling's missing order-state validation allows clients to read and reset API key sec…

FOSSBilling is a free, open-source billing and client management system. Versions 0.5.3 through 0.7.2 allow authenticated clients to both read and reset API key service secrets for orders that are no…

Remote | Authorization
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
8.7 HIGH
CVE-2026-53643 — FOSSBilling allows low-privileged staff accounts to perform unauthorized actions via admi…

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow low-privileged staff accounts to perform unauthorized actions via admin API endpoints. The root …

Remote | Authorization
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
5.3 MEDIUM
CVE-2026-53642 — FOSSBilling: Unverified clients can access client-area pages when email confirmation is r…

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when the "Require Email Confirmation" setting is enabled, a logged-in client with an unverifi…

Remote | Authorization
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
4.8 MEDIUM
CVE-2026-53641 — FOSSBilling has stored XSS in client email views via unescaped content in JavaScript temp…

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have a stored cross-site scripting (XSS) vulnerability in the client-facing email history views o…

Remote | Cross-Site Scripting
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
2.3 LOW
CVE-2026-53640 — FOSSBilling missing authorization checks on read-only admin API endpoints expose sensitiv…

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, low-privileged staff accounts may read sensitive data via admin API endpoints that lack permission che…

Remote | Authorization
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
0.0 NA
CVE-2026-53648 — FOSSBilling: Downloadable product files can be overwritten through filename collisions

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.1, downloadable product files are stored using a deterministic filename-derived path. When an administrat…

| Misconfiguration
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
0.0 NA
CVE-2026-53647 — FOSSBilling vulnerable to unauthenticated API key configuration disclosure via guest Serv…

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.3 through 0.7.2, the Guest `serviceapikey/get_info` API endpoint is accessible without authentication. Any cal…

| Authentication
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
0.0 NA
CVE-2026-13356 — Interrupted navigation could allow address bar origin spoofing in Firefox for iOS

A malicious webpage could interrupt a pending navigation by enqueuing a synchronous JavaScript dialog, causing the browser UI to display the destination origin in the address bar while continuing to …

| Denial of Service
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
6.1 MEDIUM
CVE-2026-59710 — showdown - Stored XSS via Unescaped Table Header ID Attribute Injection

showdown contains a stored cross-site scripting vulnerability in the parseHeaders function of src/subParsers/makehtml/tables.js that fails to properly escape table header ID attributes. Attackers can…

Remote | Cross-Site Scripting
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
2.3 LOW
CVE-2026-43928 — FOSSBilling: Payment amount not validated in PayPalEmail adapter allows invoice underpaym…

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the PayPalEmail payment adapter accepts PayPal IPN callbacks and credits the IPN-supplied amount (`mc_…

Remote | Authorization
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
6.9 MEDIUM
CVE-2026-43927 — FOSSBilling has race condition in cart checkout that bypasses promo code usage limits

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, a race condition in the cart checkout flow allows an authenticated client to apply a promo code beyond…

Remote | Race Condition
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
6.9 MEDIUM
CVE-2026-43925 — FOSSBilling: Mass assignment of group_id in guest client registration allows unauthorized…

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, an unauthenticated mass assignment vulnerability in the client self-registration endpoint allows any v…

Remote | Authorization
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
8.9 HIGH
CVE-2026-43921 — FOSSBilling vulnerable to arbitrary PHP code injection via unescaped config serialization

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.10 through 0.7.2 have a PHP code injection vulnerability in FOSSBilling's `Config::prettyPrintArrayToPHP()` metho…

Remote | Injection
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
8.7 HIGH
CVE-2026-43918 — Suspended or inactive FOSSBilling accounts can retain or regain access through existing s…

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, when a client or staff/admin account is suspended or marked inactive, existing authenticated sessions …

Remote | Authentication
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
8.8 HIGH
CVE-2026-42204 — Coolify: Authenticated RCE via SHELL_SAFE_COMMAND_PATTERN regression → host root

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.471 through 4.0.0-beta.473, a regression in SHELL_SAFE_COMMAND_PATTERN allowed ampe…

coolify | Remote | Injection
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
8.8 HIGH
CVE-2026-42153 — Coolify: PostgreSQL Healthcheck Command Injection Allows Root Code Execution in Container

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL healthcheck command generation used attacker-controlled databas…

coolify | Remote | Injection
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
3.8 LOW
CVE-2026-42148 — Coolify: Command Injection via Unescaped Version String in Docker Build

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the buildHelperImage method in app/Livewire/Settings/Index.php constructs …

coolify | Injection
Jul 06, 2026 Jul 06, 2026
Jul 06, 2026
Jul 06, 2026
Showing 20 of 7536 Results