CVE ID :CVE-2026-27604 Published : June 23, 2026, 2:25 p.m. | 4 hours, 45 minutes ago Description :FOSSBilling is a free, open-source billing and client management system. Starting in version 0.5.4 and prior to version 0.8.0, an authorization bypass in the API role handling allows...

#Sicherheitslücke

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

CVE-2026-27604 - FOSSBilling: Improper API Role Validation (system) Enables Unauthenticated Access to Privileged Admin Functions

VERWANDTEARTIKEL

Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks

CVE-2026-11807 - Eda-server: websocket missing authorization allows credential theft via activation_id spoofing

CVE-2026-49402 - Deno: Command Injection via spawnSync & spawn on Windows

CVE-2026-54008 - Open WebUI: Redirect-Bypass SSRF in OAuth `_process_picture_url`

CVE-2026-54010 - Open WebUI: Forged chat-file link allows cross-user file read and deletion

CVE-2026-54011 - Open WebUI: Stored XSS in Mermaid Markdown Preview