Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

actualbudget — Vulnerabilities & Security Advisories 3

Browse all 3 CVE security advisories affecting actualbudget. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by actualbudget:actual
CVE IDTitleCVSSSeverityPublished
CVE-2026-33318 Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers — actualCWE-284 8.8 High2026-04-24
CVE-2026-27638 ActualBudget missing authorization in sync endpoints allows cross-user budget file access in multi-user mode — actualCWE-862 8.1AIHighAI2026-02-26
CVE-2026-27584 ActualBudget server is Missing Authentication for SimpleFIN and Pluggy AI bank sync endpoints — actualCWE-306 7.5 -2026-02-24

This page lists every published CVE security advisory associated with actualbudget. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.