Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
23379
Total
1666
Critical
7346
High
7432
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-53645 | UNKNOWN | — | FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow a low-privileged staff account to grant arbitrary module permissions to … | Jul 06, 2026 |
| CVE-2026-53644 | UNKNOWN | — | FOSSBilling is a free, open-source billing and client management system. Versions 0.5.3 through 0.7.2 allow authenticated clients to both read and reset API key service … | Jul 06, 2026 |
| CVE-2026-53643 | UNKNOWN | — | FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow low-privileged staff accounts to perform unauthorized actions via admin API … | Jul 06, 2026 |
| CVE-2026-53642 | UNKNOWN | — | FOSSBilling is a free, open-source billing and client management system. In versions 0.5.6 through 0.7.2, when the "Require Email Confirmation" setting is enabled, a logged-in … | Jul 06, 2026 |
| CVE-2026-53641 | UNKNOWN | — | FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have a stored cross-site scripting (XSS) vulnerability in the client-facing email … | Jul 06, 2026 |
| CVE-2026-53640 | UNKNOWN | — | FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, low-privileged staff accounts may read sensitive data via admin API endpoints … | Jul 06, 2026 |
| CVE-2026-59710 | MEDIUM | 6.1 | showdown contains a stored cross-site scripting vulnerability in the parseHeaders function of src/subParsers/makehtml/tables.js that fails to properly escape table header ID attributes. Attackers can inject … | Jul 06, 2026 |
| CVE-2026-43928 | UNKNOWN | — | FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the PayPalEmail payment adapter accepts PayPal IPN callbacks and credits the … | Jul 06, 2026 |
| CVE-2026-43927 | UNKNOWN | — | FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, a race condition in the cart checkout flow allows an authenticated … | Jul 06, 2026 |
| CVE-2026-43925 | UNKNOWN | — | FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, an unauthenticated mass assignment vulnerability in the client self-registration endpoint allows … | Jul 06, 2026 |
| CVE-2026-43921 | UNKNOWN | — | FOSSBilling is a free, open-source billing and client management system. Versions 0.6.10 through 0.7.2 have a PHP code injection vulnerability in FOSSBilling's `Config::prettyPrintArrayToPHP()` method. When … | Jul 06, 2026 |
| CVE-2026-43918 | UNKNOWN | — | FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, when a client or staff/admin account is suspended or marked inactive, … | Jul 06, 2026 |
| CVE-2026-42204 | HIGH | 8.8 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.471 through 4.0.0-beta.473, a regression in SHELL_SAFE_COMMAND_PATTERN allowed ampersands in custom … | Jul 06, 2026 |
| CVE-2026-42153 | HIGH | 8.8 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, PostgreSQL healthcheck command generation used attacker-controlled database settings (postgres_user … | Jul 06, 2026 |
| CVE-2026-42148 | LOW | 3.8 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, the buildHelperImage method in app/Livewire/Settings/Index.php constructs a Docker build … | Jul 06, 2026 |
| CVE-2026-41899 | MEDIUM | 6.5 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, POST /api/feedback has no authentication, no rate limiting, and … | Jul 06, 2026 |
| CVE-2026-38979 | UNKNOWN | — | ajenti through v2.2.13 has a clickjacking weakness in the browser-facing login and administrative UI. In ajenti-core/aj/http.py, the core HTTP response path initializes an empty header … | Jul 06, 2026 |
| CVE-2026-38976 | UNKNOWN | — | mrubyc through 3.4.1 was found to contain a NULL pointer dereference in src/vm.c in op_super() / OP_SUPER due to a missing runtime guard for top-level … | Jul 06, 2026 |
| CVE-2026-38973 | UNKNOWN | — | mrubyc through release3.4.1 was found to contain an out-of-bounds read in builtin missing-method lookup inside mrbc_find_method(). | Jul 06, 2026 |
| CVE-2026-34599 | HIGH | 8.8 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, there is an authenticated command injection vulnerability in the … | Jul 06, 2026 |
| CVE-2026-34167 | MEDIUM | 5.0 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the ActivityMonitor Livewire component exposes a public $activityId property … | Jul 06, 2026 |
| CVE-2026-34153 | HIGH | 8.8 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, LocalFileVolume::saveStorageOnServer builds shell commands using unescaped fs_path and parent_dir … | Jul 06, 2026 |
| CVE-2026-34050 | MEDIUM | 6.5 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the Settings/Updates Livewire component does not check isInstanceAdmin in … | Jul 06, 2026 |
| CVE-2026-34049 | LOW | 3.3 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. From 4.0.0-beta.451 through 4.0.0-beta.470, database backup handling for MongoDB collection names did … | Jul 06, 2026 |
| CVE-2026-32718 | MEDIUM | 6.5 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, mutating API validation endpoints are guarded by read ability, … | Jul 06, 2026 |