1176 matches found

RedhatCVE
added 3 hours ago, 0 views

CVE-2026-4394

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Credit Card field's 'Card Type' sub-field input.4 in all versions up to, and including, 2.9.30. This is due to the get_value_entry_detail method in the GF_Field_CreditCard class outputting the card type value...

CVSS 6.1, EPSS 0.00037, Exploits 0, References 1

Wired Threat Level
added 2026/04/28 1:00 p.m., 3 views

The Race Is on to Keep AI Agents From Running Wild With Your Credit Cards

AI agents may soon be buying your stuff for you. The FIDO Alliance has teamed up with Google and Mastercard to try to ensure that shopping in the near future isn't a complete disaster...

AI score 5.3, Exploits 0

Packet Storm News
added 2026/04/25 12:00 a.m., 1 view

Scalable and Verifiable Federated Learning for Cross-Institution Financial Fraud Detection

The global financial ecosystem confronts a critical asymmetry: while fraud syndicates operate as borderless, distributed networks, banking institutions remain constrained by regulatory data silos, limiting visibility into cross-institutional threat patterns under strict privacy laws such as GDPR...

AI score 5.4, Exploits 0

EUVD
added 2026/04/08 12:30 a.m., 1 view

EUVD-2026-19990

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Credit Card field's 'Card Type' sub-field input.4 in all versions up to, and including, 2.9.30. This is due to the get_value_entry_detail method in the GF_Field_CreditCard class outputting the card type value...

CVSS 6.1, AI score 6.1, EPSS 0.00037, Exploits 0, References 7

CNNVD
added 2026/04/08 12:00 a.m., 4 views

WordPress plugin Gravity Forms cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS 6.1, AI score 5.7, EPSS 0.00037, Exploits 0, References 6

CVE
added 2026/04/07 11:25 p.m., 4 views

CVE-2026-4394

Gravity Forms for WordPress (<= 2.9.30) is vulnerable to unauthenticated stored XSS via the Credit Card field’s Card Type sub-field (input_.4). The get_value_entry_detail() method outputs the card type value without escaping, while get_value_save_entry() accepts and stores unsanitized input fo...

CVSS 6.1, AI score 6.1, EPSS 0.00037, Exploits 0, References 6

Cvelist
added 2026/04/07 11:25 p.m., 18 views

CVE-2026-4394 Gravity Forms <= 2.9.30 - Unauthenticated Stored Cross-Site Scripting via Credit Card 'Card Type' Sub-Field

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Credit Card field's 'Card Type' sub-field input.4 in all versions up to, and including, 2.9.30. This is due to the get_value_entry_detail method in the GF_Field_CreditCard class outputting the card type value...

CVSS 6.1, EPSS 0.00037, Exploits 0, References 6

RedhatCVE
added 2026/04/01 10:58 a.m., 1 view

CVE-2025-15618

Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl use an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using an MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use. This key is...

CVSS 9.1, AI score 5.9, EPSS 0.00054, Exploits 0, References 1

EUVD
added 2026/03/31 12:31 p.m., 2 views

EUVD-2025-209143

Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl use an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using an MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use. This key is...

CVSS 9.1, AI score 5.9, EPSS 0.00054, Exploits 0, References 3

NVD
added 2026/03/31 11:16 a.m., 2 views

CVE-2025-15618

Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl use an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using an MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use. This key is...

CVSS 9.1, EPSS 0.00054, Exploits 0, References 3

ATTACKERKB
added 2026/03/31 10:04 a.m., 0 views

CVE-2025-15618

Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl use an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using an MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use. This key is...

CVSS 9.1, AI score 5.9, EPSS 0.00054, Exploits 0, References 3

Vulnrichment
added 2026/03/31 10:04 a.m., 2 views

CVE-2025-15618 Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key

Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl use an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using an MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use. This key is...

AI score 5.9, EPSS 0.00054, Exploits 0, References 2

CNNVD
added 2026/03/31 12:00 a.m., 3 views

MOCK Business::OnlinePayment::StoredTransaction security vulnerability

MOCK Business::OnlinePayment::StoredTransaction is a module of MOCK Corporation designed for processing stored transaction data and executing online payment processes. Versions of Business::OnlinePayment::StoredTransaction prior to 0.01 contain security vulnerabilities. These vulnerabilities stem...

CVSS 9.1, AI score 5.8, EPSS 0.00054, Exploits 0, References 3

Positive Technologies
added 2026/03/31 12:00 a.m., 3 views

PT-2026-29217

Name of the Vulnerable Software and Affected Versions: Business::OnlinePayment::StoredTransaction versions through 0.01. Description: The software generates a secret key using an MD5 hash of a single call to the rand function, which is not suitable for cryptographic purposes. This key is used for...

CVSS 9.1, AI score 5.9, EPSS 0.00054, Exploits 0, References 8

HackRead
added 2026/03/16 6:30 p.m., 3 views

New Phishing Scam Uses LiveChat to Pose as Amazon and PayPal in Real Time

Cofense researchers warn of a phishing scam where attackers use LiveChat to impersonate Amazon and PayPal agents and steal credit card and MFA codes...

AI score 5.8, Exploits 0

Malwarebytes
added 2026/02/24 8:28 a.m., 4 views

Refund scam impersonates Avast to harvest credit card details

A fraudulent website dressed in Avast’s brand is tricking French-speaking users into handing over their full credit card details—card number, expiry date, and three-digit security code—under the cover story of processing a €499.99 refund that was never owed to them. The operation combines live ch...

AI score 5.5, Exploits 0

Vulnrichment
added 2026/01/16 6:43 a.m., 1 view

CVE-2026-0942 Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit <= 5.1.5 - Missing Authorization to Unauthenticated Rede Order Logs Deletion

The Rede Itaú for WooCommerce — Payment PIX, Credit Card and Debit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clearOrderLogs function in all versions up to, and including, 5.1.5. This makes it possible for unauthenticated...

CVSS 5.3, AI score 5.8, EPSS 0.00039, Exploits 0, References 3

RedhatCVE
added 2026/01/13 10:52 p.m., 0 views

CVE-2025-13457

The WooCommerce Square plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.1 via the gettokenbyid function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to expose arbitrary Squa...

CVSS 7.5, AI score 6, EPSS 0.00059, Exploits 0, References 1

The Hacker News
added 2026/01/13 5:30 p.m., 5 views

Long-Running Web Skimming Campaign Steals Credit Cards From Online Checkout Pages

Cybersecurity researchers have discovered a major web skimming campaign that has been active since January 2022, targeting several major payment networks like American Express, Diners Club, Discover, JCB Co., Ltd., Mastercard, and UnionPay. "Enterprise organizations that are clients of these...

AI score 6.9, Exploits 0

HackRead
added 2026/01/13 2:28 p.m., 4 views

Widespread Magecart Campaign Targets Users of All Major Credit Cards

Researchers at Silent Push have exposed a global Magecart campaign stealing credit card data since 2022. Learn how this invisible web-skimming attack targets major networks like Mastercard and Amex, and how to stay safe...

AI score 7, Exploits 0