Logo
Retour à la veille

CVE-2026-43872

Publié : 12 juin 2026
Modifié : 12 juin 2026
Lien officiel NVD

Description détaillée

Actual is an open-source personal finance application. Prior to version 26.5.0, several endpoints are affected by a path traversal vulnerability. Version 26.5.0 fixes the issue.

Références et Patchs

https://actualbudget.org/blog/release-26.5.0https://github.com/actualbudget/actual/security/advisories/GHSA-4wf8-vhhr-4gpv

Dernières Vulnérabilités

CVE-2026-6676

Heap buffer out-of-bounds write vulnerability in Avira Antivirus engine when scanning a malformed POSIX tar archive may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.27.12.

VOIR DÉTAILS

CVE-2026-12068

Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection. This issue affects Avira Password Manager when used with Mozilla Firefox on Windows, macOS, and Linux.

VOIR DÉTAILS

CVE-2025-9033

Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux for engine builds before 8.3.70.76.

VOIR DÉTAILS