Lucene search
K

4 matches found

redhatcve
redhatcve
added 2026/04/09 1:23 a.m.5 views

CVE-2026-39366

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the PayPal IPN v1 handler at plugin/PayPalYPT/ipn.php lacks transaction deduplication, allowing an attacker to replay a single legitimate IPN notification to repeatedly inflate their wallet balance and renew subscriptions...

6.5CVSS5.9AI score0.0017EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/04/07 7:21 p.m.2 views

CVE-2026-39366

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the PayPal IPN v1 handler at plugin/PayPalYPT/ipn.php lacks transaction deduplication, allowing an attacker to replay a single legitimate IPN notification to repeatedly inflate their wallet balance and renew subscriptions...

6.5CVSS5.9AI score0.0017EPSS
Exploits0References3Affected Software1
cnnvd
cnnvd
added 2026/04/07 12:0 a.m.7 views

WWBN AVideo 数据伪造问题漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a data manipulation vulnerability. This vulnerability stemmed from a lack of transaction deduplication in the PayPal IPN v1 handler, which could allow attackers to...

6.5CVSS5.7AI score0.0017EPSS
Exploits0References2
cnvd
cnvd
added 2018/06/11 12:0 a.m.2 views

paypal-ipn spoofing vulnerability

paypal-ipn is a node.js package for validating PayPal IPN messages. A security vulnerability exists in paypal-ipn versions prior to 3.0.0. An attacker can exploit this vulnerability by using an emulator build request to spoof arbitrary applications that do not detect the 'testipn' parameter...

5.9CVSS5.9AI score0.01169EPSS
Exploits0References1
Rows per page
Query Builder