Vulnerabilities in actualbudget
6 results

CVE-2026-33318 (HIGH): Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers. EPSS 0.5%
CVE-2026-42604 (MEDIUM): Actual has an OpenID `client_secret` Disclosure via Broken Authorization Guard in `/openid/config`. EPSS 0.4%
CVE-2026-27584 (CRITICAL): ActualBudget server is Missing Authentication for SimpleFIN and Pluggy AI bank sync endpoints. EPSS 0.4%
CVE-2026-43872 (MEDIUM): actual-server has a path traversal vulnerability. EPSS 0.3%
CVE-2026-27638 (MEDIUM): ActualBudget missing authorization in sync endpoints allows cross-user budget file access in multi-user mode. EPSS 0.3%
CVE-2026-42890 (MEDIUM): actual Allows Electron to Run As Node. EPSS 0.1%