Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/31 2:10 p.m.5 views

CVE-2026-34209

mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "" instead of "=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled...

7.5CVSS5.8AI score0.00359EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/31 2:10 p.m.4 views

CVE-2026-34210

mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the stripe/charge payment method did not check Stripe's Idempotent-Replayed response header when creating PaymentIntents. An attacker could replay a valid credential containing the same spt token against a new...

6CVSS5.8AI score0.00494EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/29 3:11 p.m.3 views

GHSA-8MHJ-RFFC-RCVW mppx has Stripe charge credential replay via missing idempotency check

Impact The stripe/charge payment method did not check Stripe's Idempotent-Replayed response header when creating PaymentIntents. An attacker could replay a valid credential containing the same spt token against a new challenge, and the server would accept the replayed Stripe PaymentIntent as a ne...

6CVSS5.9AI score0.00494EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/29 12:0 a.m.4 views

PT-2026-28608

Impact The stripe/charge payment method did not check Stripe's Idempotent-Replayed response header when creating PaymentIntents. An attacker could replay a valid credential containing the same spt token against a new challenge, and the server would accept the replayed Stripe PaymentIntent as a ne...

6CVSS5.9AI score0.00494EPSS
Exploits0References7
Rows per page
Query Builder