Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

23379
Total
1666
Critical
7346
High
7432
Medium
CVE ID Severity Score Description Published
CVE-2026-53645 UNKNOWN FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow a low-privileged staff account to grant arbitrary module permissions to … Jul 06, 2026
CVE-2026-53644 UNKNOWN FOSSBilling is a free, open-source billing and client management system. Versions 0.5.3 through 0.7.2 allow authenticated clients to both read and reset API key service … Jul 06, 2026
CVE-2026-53643 UNKNOWN FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow low-privileged staff accounts to perform unauthorized actions via admin API … Jul 06, 2026
CVE-2026-53642 UNKNOWN FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when the "Require Email Confirmation" setting is enabled, a logged-in … Jul 06, 2026
CVE-2026-53641 UNKNOWN FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have a stored cross-site scripting (XSS) vulnerability in the client-facing email … Jul 06, 2026
CVE-2026-53640 UNKNOWN FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, low-privileged staff accounts may read sensitive data via admin API endpoints … Jul 06, 2026
CVE-2026-59710 MEDIUM 6.1 showdown contains a stored cross-site scripting vulnerability in the parseHeaders function of src/subParsers/makehtml/tables.js that fails to properly escape table header ID attributes. Attackers can inject … Jul 06, 2026
CVE-2026-43928 UNKNOWN FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the PayPalEmail payment adapter accepts PayPal IPN callbacks and credits the … Jul 06, 2026
CVE-2026-43927 UNKNOWN FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, a race condition in the cart checkout flow allows an authenticated … Jul 06, 2026
CVE-2026-43925 UNKNOWN FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, an unauthenticated mass assignment vulnerability in the client self-registration endpoint allows … Jul 06, 2026
CVE-2026-43921 UNKNOWN FOSSBilling is a free, open-source billing and client management system. Versions 0.6.10 through 0.7.2 have a PHP code injection vulnerability in FOSSBilling's `Config::prettyPrintArrayToPHP()` method. When … Jul 06, 2026
CVE-2026-43918 UNKNOWN FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, when a client or staff/admin account is suspended or marked inactive, … Jul 06, 2026
CVE-2026-42204 HIGH 8.8 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.471 through 4.0.0-beta.473, a regression in SHELL_SAFE_COMMAND_PATTERN allowed ampersands in custom … Jul 06, 2026
CVE-2026-42153 HIGH 8.8 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL healthcheck command generation used attacker-controlled database settings (postgres_user … Jul 06, 2026
CVE-2026-42148 LOW 3.8 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the buildHelperImage method in app/Livewire/Settings/Index.php constructs a Docker build … Jul 06, 2026
CVE-2026-41899 MEDIUM 6.5 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, POST /api/feedback has no authentication, no rate limiting, and … Jul 06, 2026
CVE-2026-38979 UNKNOWN ajenti through v2.2.13 has a clickjacking weakness in the browser-facing login and administrative UI. In ajenti-core/aj/http.py, the core HTTP response path initializes an empty header … Jul 06, 2026
CVE-2026-38976 UNKNOWN mrubyc through 3.4.1 was found to contain a NULL pointer dereference in src/vm.c in op_super() / OP_SUPER due to a missing runtime guard for top-level … Jul 06, 2026
CVE-2026-38973 UNKNOWN mrubyc through release3.4.1 was found to contain an out-of-bounds read in builtin missing-method lookup inside mrbc_find_method(). Jul 06, 2026
CVE-2026-34599 HIGH 8.8 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, there is an authenticated command injection vulnerability in the … Jul 06, 2026
CVE-2026-34167 MEDIUM 5.0 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the ActivityMonitor Livewire component exposes a public $activityId property … Jul 06, 2026
CVE-2026-34153 HIGH 8.8 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, LocalFileVolume::saveStorageOnServer builds shell commands using unescaped fs_path and parent_dir … Jul 06, 2026
CVE-2026-34050 MEDIUM 6.5 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the Settings/Updates Livewire component does not check isInstanceAdmin in … Jul 06, 2026
CVE-2026-34049 LOW 3.3 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.451 through 4.0.0-beta.470, database backup handling for MongoDB collection names did … Jul 06, 2026
CVE-2026-32718 MEDIUM 6.5 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, mutating API validation endpoints are guarded by read ability, … Jul 06, 2026