| CVE | Severity | CVSS | Risk | Published | Description | Impact |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2026-27892 | medium | 6.5 | 6.5 | 21d ago | FacturaScripts Vulnerable to Unstripped Image Metadata (EXIF) Leakage via Library Module File Upload/Download | |
| CVE-2026-42879 | medium | 6.3 | 6.3 | 20d ago | FacturaScripts Vulnerable to Authenticated Remote Code Execution (RCE) via GIF Image Upload in Product Images | |
| CVE-2026-32699 | medium | — | 5.5 | 29d ago | FacturaScripts has Insecure Parameter Handling: Unauthorized Modification of Immutable 'nick' Field | |
| CVE-2026-42877 | medium | 5.4 | 5.4 | 21d ago | FacturaScripts vulnerable to stored XSS via product reference in sales/purchases | |
| CVE-2026-42878 | medium | 5.3 | 5.3 | 20d ago | FacturaScripts Vulnerable to Unauthenticated phpinfo() Disclosure via Installer Endpoint | |