Total CVEs

143,081

Critical Severity

4,044

High Severity

14,530

Last 7 Days

1,278
Quick preset (or use dates below)
Clear Filters
πŸ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years β†’
Showing 21 - 27 of 27 CVEs

FOSSBilling is a free, open-source billing and client management system. In versions 0.7.2 and prior, a query-construction flaw in client list endpoints allowed authenticated clients to bypass tenant scoping and retrieve other clients’ data. Details In ServiceTransaction::getSearchQuery() and Order\...

Vendor: FOSSBilling
Product: FOSSBilling
Published: Jun 23, 2026
Source: NVD

FOSSBilling is a billing and client management system that automates invoicing, payments, and communication for online service businesses. Versions 0.6.21 through 0.7.2 are vulnerable to IDOR through the support ticket creation workflow. By manipulating rel_id when rel_type=order, an authenticated c...

Vendor: FOSSBilling
Product: FOSSBilling
Published: Jun 23, 2026
Source: NVD

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template Injection (SSTI) vulnerability in the template rendering system. Administrators with access to features that render Twig templates (email templates, mass mail campaigns, custo...

Vendor: FOSSBilling
Product: FOSSBilling
Published: Jun 23, 2026
Source: NVD

FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization bypass in the API role handling allows unauthenticated access to privileged `/api/system/*` endpoints. Because `system` resolves to the cron admin identity,...

Vendor: FOSSBilling
Product: FOSSBilling
Published: Jun 23, 2026
Source: NVD

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint `/client/reset-password-confirm/:hash` is handled by a non-API controller and is not covered by FOSSBilling's rate limiter, which only applies to `/api/*` ro...

Vendor: FOSSBilling
Product: FOSSBilling
Published: Jun 04, 2026
Source: NVD

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not validate the URL scheme of administrator-configured destination URLs before storing or issuing redirects. This allows arbitrary external URLs to be configured as redirect tar...

Vendor: FOSSBilling
Product: FOSSBilling
Published: Jun 03, 2026
Source: NVD

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache buster parameters in HTML output, bypassing the `hide_version_public` security setting. The FOSSBilling version is embedded in the query string of every ...

Vendor: FOSSBilling
Product: FOSSBilling
Published: Jun 03, 2026
Source: NVD