WordPress Paytm Payment Gateway <=2.7.0 - Server-Side Request Forgery

WordPress Paytm Payment Gateway plugin through 2.7.0 contains a server-side request forgery vulnerability. An attacker can cause a website to execute website requests to an arbitrary domain, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized...

CVE-2026-13282

An use after free flaw was found in the Payments component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517522620...

WordPress Paytm Payment Gateway <=2.7.3 - SQL Injection

WordPress Paytm Payment Gateway plugin through 2.7.3 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-45805 info: name: WordPress Payt...

EUVD-2026-39584

Use after free in Payments in Google Chrome on Android prior to 149.0.7827.201 allowed a local attacker to potentially exploit heap corruption via physical access to the device. Chromium security severity: High...

CVE-2026-13282

Use after free in Payments in Google Chrome on Android prior to 149.0.7827.201 allowed a local attacker to potentially exploit heap corruption via physical access to the device. Chromium security severity: High...

CVE-2026-13282

Use after free in Payments in Google Chrome on Android prior to 149.0.7827.201 allowed a local attacker to potentially exploit heap corruption via physical access to the device. Chromium security severity: High...

CVE-2026-13282

Use after free in Payments in Google Chrome on Android prior to 149.0.7827.201 allowed a local attacker to potentially exploit heap corruption via physical access to the device. Chromium security severity: High...

CVE-2026-13282

Use after free in Payments in Google Chrome on Android prior to 149.0.7827.201 allowed a local attacker to potentially exploit heap corruption via physical access to the device. Chromium security severity: High...

CVE-2026-13282

CVE-2026-13282 concerns a use-after-free in the Payments component of Google Chrome on Android prior to version 149.0.7827.201 . The root cause is a heap corruption condition exposed by a local attacker with physical device access, as described in multiple sources. Affected software is Chrome on ...

EUVD-2026-39415

Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment...

EUVD-2026-39414

Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

EUVD-2026-39378

Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce = 1.6.2 versions...

CVE-2026-56023

The CVE concerns the WordPress plugin “UPI QR Code Payment Gateway for WooCommerce” (versions ≤ 1.6.2). The root cause is Broken Access Control, allowing unauthorized access with low privileges over a network. Metrics indicate a CVSS v3.1 base score of 5.4 (Medium) with Privileges Required: Low, ...

PT-2026-52619

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.201 Description A use after free issue exists in the Payments component. This flaw allows a local attacker with physical access to the device to potentially exploit heap corruption, which...

Stable Channel Update for Desktop

The Stable channel has been updated to 149.0.7827.200/201 for Windows and Mac and 149.0.7827.200 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log Security Fixes and Rewards Note: Access to bug details and links may be kept...

DRUPAL-CONTRIB-2026-058

This module enables you to take payments through the Global Payments / Realex Hosted Payment Page HPP, either via a lightbox iframe or via a full-page redirect. When the gateway is configured with the redirect payment method, the module doesn't sufficiently verify the authenticity of the payment...

EUVD-2026-38130

AVideo through version 26.0 contains multiple unauthenticated list.json.php endpoints in payment plugins lacking authorization checks, exposing PayPal tokens, Authorize.Net webhooks, and Bitcoin transaction records. Unauthenticated attackers can retrieve all payment transaction data including...

Astra Linux – Vulnerability in Chromium

Before version 90.0.4430.212, using “after free” in Google Chrome’s payments functionality allowed an attacker who convinced a user to install a malicious payment app to potentially exploit heap corruption through a crafted HTML page...

Astra Linux – Vulnerability in Chromium

Before version 87.0.4280.141, using "after free" in payments in Google Chrome allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page...

Astra Linux – Vulnerability in Chromium

Before version 88.0.4324.146, using "Use after free" in Payments in Google Chrome on Mac allowed a remote attacker to potentially perform a sandbox escape through a crafted HTML page...