Lucene search
+L

5 matches found

NVD
NVD
added 3 days ago8 views

CVE-2026-33731

WWBN AVideo is an open source video platform. In versions prior to 29.0, the Authorize.Net webhook handler at plugin/AuthorizeNet/webhook.php contains a signature verification bypass that allows an attacker to forge webhook requests with arbitrary payment amounts and target user IDs. By supplying...

6.5CVSS0.00205EPSS
Exploits0References2
CVE
CVE
added 3 days ago18 views

CVE-2026-33731

CVE-2026-33731 (AVideo) affects versions prior to 29.0. The webhook flaw in plugin/AuthorizeNet/webhook.php enables a signature verification bypass, allowing an attacker to forge webhook data and credit arbitrary wallet balances by using a legitimate transaction ID. The exploit chain combines: (1...

6.5CVSS6.1AI score0.00205EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-33731 AVideo has an Authorize.Net Webhook Signature Bypass that Enables Wallet Balance Inflation via Forged Payment Data

WWBN AVideo is an open source video platform. In versions prior to 29.0, the Authorize.Net webhook handler at plugin/AuthorizeNet/webhook.php contains a signature verification bypass that allows an attacker to forge webhook requests with arbitrary payment amounts and target user IDs. By supplying...

6.5CVSS0.00205EPSS
Exploits0References2
OSV
OSV
added 3 days ago2 views

CVE-2026-33731 AVideo has an Authorize.Net Webhook Signature Bypass that Enables Wallet Balance Inflation via Forged Payment Data

WWBN AVideo is an open source video platform. In versions prior to 29.0, the Authorize.Net webhook handler at plugin/AuthorizeNet/webhook.php contains a signature verification bypass that allows an attacker to forge webhook requests with arbitrary payment amounts and target user IDs. By supplying...

6.5CVSS5.6AI score0.00205EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/22 7:58 p.m.16 views

AVideo has an Authorize.Net Webhook Signature Bypass that Enables Wallet Balance Inflation via Forged Payment Data

Summary The Authorize.Net webhook handler at plugin/AuthorizeNet/webhook.php contains a signature verification bypass that allows an attacker to forge webhook requests with arbitrary payment amounts and target user IDs. By supplying a valid transaction ID from a small legitimate purchase, the...

6.5CVSS6.2AI score0.00205EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder