Lucene search
K

181 matches found

RedhatCVE
RedhatCVE
added 2026/04/01 10:58 a.m.5 views

CVE-2025-15618

Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use. This key is...

9.1CVSS5.9AI score0.00328EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/31 12:31 p.m.4 views

EUVD-2025-209143

Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use. This key is...

9.1CVSS5.9AI score0.00328EPSS
Exploits0References3
NVD
NVD
added 2026/03/31 11:16 a.m.9 views

CVE-2025-15618

Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use. This key is...

9.1CVSS0.00328EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/31 10:4 a.m.2 views

CVE-2025-15618

Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use. This key is...

9.1CVSS5.9AI score0.00328EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/31 10:4 a.m.4 views

CVE-2025-15618 Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key

Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use. This key is...

5.9AI score0.00328EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.6 views

PT-2026-29217

Name of the Vulnerable Software and Affected Versions Business::OnlinePayment::StoredTransaction versions through 0.01 Description The software generates a secret key using an MD5 hash of a single call to the rand function, which is not suitable for cryptographic purposes. This key is used for...

9.1CVSS5.9AI score0.00328EPSS
Exploits0References8
Malwarebytes
Malwarebytes
added 2026/02/24 8:28 a.m.6 views

Refund scam impersonates Avast to harvest credit card details

A fraudulent website dressed in Avast’s brand is tricking French-speaking users into handing over their full credit card details—card number, expiry date, and three-digit security code—under the cover story of processing a €499.99 refund that was never owed to them. The operation combines live ch...

5.5AI score
Exploits0
HackRead
HackRead
added 2026/01/13 2:28 p.m.9 views

Widespread Magecart Campaign Targets Users of All Major Credit Cards

Researchers at Silent Push have exposed a global Magecart campaign stealing credit card data since 2022. Learn how this invisible web-skimming attack targets major networks like Mastercard and Amex, and how to stay safe...

7AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/01/10 3:21 a.m.5 views

CVE-2025-13457 WooCommerce Square <= 5.1.1 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure in get_token_by_id

The WooCommerce Square plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.1 via the gettokenbyid function due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to expose arbitrary Squa...

7.5CVSS5.7AI score0.00256EPSS
Exploits0References2
CVE
CVE
added 2026/01/10 3:21 a.m.33 views

CVE-2025-13457

CVE-2025-13457 affects the WooCommerce Square plugin for WordPress (versions up to 5.1.1). The vulnerability is an Insecure Direct Object Reference in the get_token_by_id function due to missing validation on a user-controlled key, enabling unauthenticated attackers to exfiltrate arbitrary Square...

7.5CVSS5.7AI score0.00256EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/10 12:0 a.m.5 views

PT-2026-1703

Name of the Vulnerable Software and Affected Versions WooCommerce Square versions prior to 5.1.2 Description The WooCommerce Square plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This is due to a lack of validation on a user-controlled key within the get token b...

7.5CVSS6.5AI score0.00256EPSS
Exploits0References6
NVD
NVD
added 2026/01/07 12:16 p.m.5 views

CVE-2025-13371

The MoneySpace plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.9. This is due to the plugin storing full payment card details PAN, card holder name, expiry month/year, and CVV in WordPress postmeta using base64encode, and then...

8.6CVSS0.00372EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/01/07 6:36 a.m.23 views

CVE-2025-13371 Money Space <= 2.13.9 - Unauthenticated Sensitive Information Exposure

The MoneySpace plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.9. This is due to the plugin storing full payment card details PAN, card holder name, expiry month/year, and CVV in WordPress postmeta using base64encode, and then...

8.6CVSS0.00372EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/01/07 6:36 a.m.2 views

CVE-2025-13371 Money Space <= 2.13.9 - Unauthenticated Sensitive Information Exposure

The MoneySpace plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.9. This is due to the plugin storing full payment card details PAN, card holder name, expiry month/year, and CVV in WordPress postmeta using base64encode, and then...

8.6CVSS5.8AI score0.00372EPSS
Exploits0References5
CVE
CVE
added 2026/01/07 6:36 a.m.22 views

CVE-2025-13371

CVE-2025-13371 refers to Money Space (Money Space) WordPress plugin. The vulnerability affects all versions up to 2.13.9 and arises from the plugin storing full card data (PAN, cardholder name, expiry, CVV) in WordPress post_meta encoded with base64, then embedding these values into the public ms...

8.6CVSS5.8AI score0.00372EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2025/12/15 9:24 a.m.11 views

Phantom Stealer Spread by ISO Phishing Emails Hitting Russian Finance Sector

Cybersecurity researchers have disclosed details of an active phishing campaign that's targeting a wide range of sectors in Russia with phishing emails that deliver Phantom Stealer via malicious ISO optical disc images. The activity, codenamed Operation MoneyMount-ISO by Seqrite Labs, has primari...

7.1AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2005-0410

Malware in sbrugna...

6.4CVSS6.4AI score0.05657EPSS
Exploits1References3
Malwarebytes
Malwarebytes
added 2025/09/10 9:47 a.m.8 views

Plex users: Reset your password!

Media streaming platform Plex has warned customers about a data breach, advising them to reset their password. Plex said an attacker broke into one of its databases, allowing them to access a "limited subset" of customer data. This included email addresses, usernames, hashed passwords, and...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/08/20 5:54 p.m.12 views

DOM-Based Extension Clickjacking Exposes Popular Password Managers to Credential and Data Theft

Popular password manager plugins for web browsers have been found susceptible to clickjacking security vulnerabilities that could be exploited to steal account credentials, two-factor authentication 2FA codes, and credit card details under certain conditions. The technique has been dubbed Documen...

6.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2018-16078

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unsafe handling of credit card details in Autofill in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain potentially sensitive information...

6.5CVSS7.3AI score0.01848EPSS
Exploits0References2
Rows per page
Query Builder