Lucene search
K

7 matches found

NVD
NVD
added 2026/06/20 7:16 p.m.12 views

CVE-2026-56341

AVideo through version 26.0 contains multiple unauthenticated list.json.php endpoints in payment plugins lacking authorization checks, exposing PayPal tokens, Authorize.Net webhooks, and Bitcoin transaction records. Unauthenticated attackers can retrieve all payment transaction data including...

8.7CVSS0.00302EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/20 6:27 p.m.21 views

CVE-2026-56341 AVideo - Unauthenticated Access to Payment Log DataTables Endpoints via list.json.php

AVideo through version 26.0 contains multiple unauthenticated list.json.php endpoints in payment plugins lacking authorization checks, exposing PayPal tokens, Authorize.Net webhooks, and Bitcoin transaction records. Unauthenticated attackers can retrieve all payment transaction data including...

8.7CVSS0.00302EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/20 6:27 p.m.7 views

CVE-2026-56341

AVideo through version 26.0 contains multiple unauthenticated list.json.php endpoints in payment plugins lacking authorization checks, exposing PayPal tokens, Authorize.Net webhooks, and Bitcoin transaction records. Unauthenticated attackers can retrieve all payment transaction data including...

8.7CVSS5.8AI score0.00302EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/20 6:27 p.m.10 views

EUVD-2026-38130

AVideo through version 26.0 contains multiple unauthenticated list.json.php endpoints in payment plugins lacking authorization checks, exposing PayPal tokens, Authorize.Net webhooks, and Bitcoin transaction records. Unauthenticated attackers can retrieve all payment transaction data including...

8.7CVSS5.8AI score0.00302EPSS
Exploits0References2
CVE
CVE
added 2026/06/20 6:27 p.m.23 views

CVE-2026-56341

AVideo prior to 26.1 (through version 26.0) exposes unauthenticated access to payment data via multiple list.json.php endpoints in payment plugins, lacking authorization checks. The issue enables retrieval of PayPal tokens, Authorize.Net webhooks, and Bitcoin transaction records, including agreem...

8.7CVSS5.8AI score0.00302EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/29 3:40 p.m.6 views

AVideo: Unauthenticated Access to Payment Log DataTables Endpoints Exposes Transaction Data, PayPal Tokens, and User Financial Records

Summary Multiple payment plugin list.json.php endpoints lack authentication and authorization checks, allowing unauthenticated attackers to retrieve all payment transaction records including PayPal billing agreement IDs, Express Checkout tokens, Authorize.Net webhook payloads with transaction...

5.9AI score
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/29 3:40 p.m.3 views

GHSA-WPRJ-9CVC-5W37 AVideo: Unauthenticated Access to Payment Log DataTables Endpoints Exposes Transaction Data, PayPal Tokens, and User Financial Records

Summary Multiple payment plugin list.json.php endpoints lack authentication and authorization checks, allowing unauthenticated attackers to retrieve all payment transaction records including PayPal billing agreement IDs, Express Checkout tokens, Authorize.Net webhook payloads with transaction...

7.5CVSS5.9AI score0.00302EPSS
Exploits0References4
Rows per page
Query Builder