Lucene search
K

2026 matches found

Cvelist
Cvelist
added 2026/03/31 2:10 p.m.26 views

CVE-2026-34210 mppx has Stripe charge credential replay via missing idempotency check

mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the stripe/charge payment method did not check Stripe's Idempotent-Replayed response header when creating PaymentIntents. An attacker could replay a valid credential containing the same spt token against a new...

6CVSS0.00494EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/31 2:10 p.m.2 views

CVE-2026-34210 mppx has Stripe charge credential replay via missing idempotency check

mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the stripe/charge payment method did not check Stripe's Idempotent-Replayed response header when creating PaymentIntents. An attacker could replay a valid credential containing the same spt token against a new...

6CVSS5.8AI score0.00494EPSS
Exploits0References3
CVE
CVE
added 2026/03/31 2:10 p.m.10 views

CVE-2026-34210

The cvE-2026-34210 issue affects the mppx TypeScript interface for the machine payments protocol. Prior to version 0.4.11, the stripe/charge method did not validate Stripe’s Idempotent-Replayed header when creating PaymentIntents, allowing an attacker to replay a valid credential with the same sp...

8.1CVSS5.8AI score0.00494EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/03/28 12:0 a.m.9 views

WordPress plugin SureForms 输入验证错误漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.5CVSS5.8AI score0.00256EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.6 views

CVE-2026-2890

The Formidable Forms plugin for WordPress is vulnerable to a payment integrity bypass in all versions up to, and including, 6.28. This is due to the Stripe Link return handler handleonetimestripelinkreturnurl marking payment records as complete based solely on the Stripe PaymentIntent status...

7.5CVSS5.8AI score0.00309EPSS
Exploits0References1
Microsoft Secure
Microsoft Secure
added 2026/03/24 5:0 p.m.8 views

Governing AI agent behavior: Aligning user, developer, role, and organizational intent

AI agents increasingly perform tasks that involve reasoning, acting, and interacting with other systems. Building a trusted agent requires ensuring it operates within the correct boundaries and performs tasks consistent with its intended purpose. In practice, this requires aligning several layers...

5.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/23 1:56 p.m.6 views

Malicious code in financial-crimes-general-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 21f201c2aada618cb80f926b029f6b83b3f3bd9ffd0b35d5a4bb0c3aa1afd792 In specific environments, during installation, the package attempts to exfiltrate some basic information using DNS requests and then cover tracks by installing...

5.9AI score
Exploits0References5
EUVD
EUVD
added 2026/03/19 3:30 a.m.6 views

EUVD-2026-13015

OpenClaw versions prior to 2026.2.22 contain an authorization bypass vulnerability in allow-always wrapper persistence that allows attackers to bypass approval checks by persisting wrapper-level allowlist entries instead of validating inner executable intent. Remote attackers can approve benign...

7.2CVSS6.5AI score0.00431EPSS
Exploits0References4
NVD
NVD
added 2026/03/16 2:18 p.m.4 views

CVE-2026-20988

Improper verification of intent by broadcast receiver in Settings prior to SMR Mar-2026 Release 1 allows local attacker to launch arbitrary activity with Settings privilege. User interaction is required for triggering this vulnerability...

6.8CVSS0.00082EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/16 4:31 a.m.3 views

CVE-2026-20988

Improper verification of intent by broadcast receiver in Settings prior to SMR Mar-2026 Release 1 allows local attacker to launch arbitrary activity with Settings privilege. User interaction is required for triggering this vulnerability...

6.8CVSS5.8AI score0.00082EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/16 4:31 a.m.27 views

CVE-2026-20988

Improper verification of intent by broadcast receiver in Settings prior to SMR Mar-2026 Release 1 allows local attacker to launch arbitrary activity with Settings privilege. User interaction is required for triggering this vulnerability...

6.8CVSS0.00082EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/16 4:31 a.m.4 views

CVE-2026-20988

Improper verification of intent by broadcast receiver in Settings prior to SMR Mar-2026 Release 1 allows local attacker to launch arbitrary activity with Settings privilege. User interaction is required for triggering this vulnerability...

6.8CVSS5.8AI score0.00082EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.10 views

PT-2026-25593

Improper verification of intent by broadcast receiver in Settings prior to SMR Mar-2026 Release 1 allows local attacker to launch arbitrary activity with Settings privilege. User interaction is required for triggering this vulnerability...

6.8CVSS5.8AI score0.00082EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/03/16 12:0 a.m.32 views

Uncovering Security Threats and Architecting Defenses in Autonomous Agents: A Case Study of OpenClaw

The rapid evolution of Large Language Models LLMs into autonomous, tool-calling agents has fundamentally altered the cybersecurity landscape. Frameworks like OpenClaw grant AI systems operating-system-level permissions and the autonomy to execute complex workflows. This level of access creates...

6.1AI score
Exploits0
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.6 views

SAMSUNG Settings 安全漏洞

SAMSUNG Settings is a setting service provided by Samsung Electronics of South Korea. Versions of SAMSUNG Settings prior to SMR Mar-2026 Release 1 contained security vulnerabilities. These vulnerabilities stemmed from improper intent verification by the broadcast receiver, which could allow local...

6.8CVSS5.9AI score0.00082EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/13 9:31 p.m.6 views

EUVD-2026-11766

The Formidable Forms plugin for WordPress is vulnerable to an authorization bypass through user-controlled key in all versions up to, and including, 6.28. This is due to the frmstrpamount AJAX handler updateintentajax overwriting the global $POST data with attacker-controlled JSON input and then...

5.3CVSS5.8AI score0.0035EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.9 views

PT-2026-25159

The Formidable Forms plugin for WordPress is vulnerable to an authorization bypass through user-controlled key in all versions up to, and including, 6.28. This is due to the frm strp amount AJAX handler update intent ajax overwriting the global $ POST data with attacker-controlled JSON input and...

5.3CVSS5.8AI score0.0035EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2026/03/12 12:0 a.m.34 views

Taming OpenClaw: Security Analysis and Mitigation of Autonomous LLM Agent Threats

Autonomous Large Language Model LLM agents, exemplified by OpenClaw, demonstrate remarkable capabilities in executing complex, long-horizon tasks. However, their tightly coupled instant-messaging interaction paradigm and high-privilege execution capabilities substantially expand the system attack...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/10 12:0 a.m.3 views

FalconEYE 2.1.0

FalconEYE represents a paradigm shift in static code analysis. Instead of relying on predefined vulnerability patterns, it leverages large language models to reason about your code the same way a security expert would, understanding context, intent, and subtle security implications that tradition...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/04 1:57 a.m.4 views

CVE-2025-48582

In multiple locations, there is a possible way to delete media without the MANAGEEXTERNALSTORAGE permission due to an intent redirect. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.4CVSS6.1AI score0.00108EPSS
Exploits0References1
Rows per page
Query Builder