55 matches found

RedhatCVE
added 2026/06/05 7:40 p.m. · 8 views

CVE-2026-43883

WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/PayPalYPT/agreementCancel.json.php cancels a PayPal billing agreement using an attacker-supplied agreement parameter without verifying that the authenticated user owns the agreement. A low-privilege...

4.2 CVSS · 5.4 AI score · 0.00167 EPSS
Exploits: 0 · References: 1

Packet Storm News
added 2026/04/29 12:0 a.m. · 8 views

Taking a Bite out of the Forbidden Fruit: Characterizing Third-Party Iranian iOS App Stores

Due to U.S. sanctions and strict internet censorship, Iranian iOS users are barred from accessing the Apple App Store and developer services. In response, despite violating Apple's developer terms, a thriving underground ecosystem of third-party iOS app stores has emerged to serve Iranian users...

5.5 AI score
Exploits: 0

CNNVD
added 2025/11/04 12:0 a.m. · 6 views

WordPress plugin Crypto Payment Gateway with Payeer for WooCommerce security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

7.5 CVSS · 6.6 AI score · 0.00273 EPSS
Exploits: 0 · References: 2

EUVD
added 2025/10/18 9:30 a.m. · 6 views

EUVD-2025-34982

The Event Tickets and Registration plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 5.26.5. This is due to the /wp-json/tribe/tickets/v1/commerce/free/order endpoint not verifying that a ticket type should be free allowing the user to bypass the payment...

7.5 CVSS · 5.5 AI score · 0.0037 EPSS
Exploits: 0 · References: 3

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2020-20821

Malware in sbrugna...

5.5 CVSS · 7.3 AI score · 0.01095 EPSS
Exploits: 1 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-16410

Malicious code in bioql PyPI...

5.3 CVSS · 6.5 AI score · 0.0049 EPSS
Exploits: 0 · References: 3

OSV
added 2025/06/27 10:6 p.m. · 5 views

GHSA-VH5J-5FHQ-9XWG Taylor has race condition in /get-patch that allows purchase token replay

Hi team, I was looking at the recent fix and you limited the exploitability of race conditions but unfortunately it is still possible to exploit the issue since two requests happening at the exact same time will still go through. You should be able to completely fix the race conditions by...

7 AI score
Exploits: 0 · References: 3

Github Security Blog
added 2025/06/27 10:6 p.m. · 5 views

Taylor has race condition in /get-patch that allows purchase token replay

Hi team, I was looking at the recent fix and you limited the exploitability of race conditions but unfortunately it is still possible to exploit the issue since two requests happening at the exact same time will still go through. You should be able to completely fix the race conditions by...

7 AI score
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2025/06/27 12:0 a.m. · 1 views

PT-2025-28303 · Npm · Taylored

Hi team, I was looking at the recent fix and you limited the exploitability of race conditions but unfortunately it is still possible to exploit the issue since two requests happening at the exact same time will still go through. You should be able to completely fix the race conditions by...

7.1 AI score
Exploits: 0 · References: 4

RedhatCVE
added 2025/05/23 7:24 a.m. · 7 views

CVE-2024-0619

The Payflex Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the payment_callback function in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to update the status of orders,...

5.3 CVSS · 6.8 AI score · 0.00402 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 3:6 p.m. · 7 views

CVE-2020-28361

Kamailio before 5.4.0, as used in Sip Express Router SER in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. This occurs in the remove_hf function in the Kamailio textops module. Particular use of remove_hf in...

5.5 CVSS · 6.7 AI score · 0.01095 EPSS
Exploits: 1

NVD
added 2024/07/11 4:15 a.m. · 23 views

CVE-2024-0619

The Payflex Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the payment_callback function in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to update the status of orders,...

5.3 CVSS · 0.00402 EPSS
Exploits: 0 · References: 3

Vulnrichment
added 2024/07/11 3:33 a.m. · 19 views

CVE-2024-0619 Payflex Payment Gateway <= 2.5.0 - Missing Authorization to Order Status Update

The Payflex Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the payment_callback function in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to update the status of orders,...

5.3 CVSS · 6.8 AI score · 0.00402 EPSS
Exploits: 0 · References: 2

Cvelist
added 2024/07/11 3:33 a.m. · 23 views

CVE-2024-0619 Payflex Payment Gateway <= 2.5.0 - Missing Authorization to Order Status Update

The Payflex Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the payment_callback function in all versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to update the status of orders,...

5.3 CVSS · 0.00402 EPSS
Exploits: 0 · References: 2

CVE
added 2024/07/11 3:33 a.m. · 49 views

CVE-2024-0619

CVE-2024-0619 concerns the Payflex Payment Gateway WordPress plugin, where a missing capability check in payment_callback() in all versions up to and including 2.5.0 permits unauthenticated modification of order status. The NVD description notes unauthorized data modification could lead to revenu...

5.3 CVSS · 5.5 AI score · 0.00402 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

The Hacker News
added 2024/04/23 10:22 a.m. · 26 views

Unmasking the True Cost of Cyberattacks: Beyond Ransom and Recovery

Cybersecurity breaches can be devastating for both individuals and businesses alike. While many people tend to focus on understanding how and why they were targeted by such breaches, there's a larger, more pressing question: What is the true financial impact of a cyberattack? According to researc...

7 AI score
Exploits: 0

Exploit DB
added 2024/02/26 12:0 a.m. · 364 views

taskhub 2.8.7 - SQL Injection

Exploit Title: taskhub 2.8.7 - SQL Injection Exploit Author: CraCkEr Date: 05/09/2023 Vendor: Infinitie Technologies Vendor Homepage: https://www.infinitietech.com/ Software Link: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Demo: https://taskhub.company/auth...

8 CVSS · 7.9 AI score · 0.00692 EPSS
Exploits: 5

OSV
added 2024/01/25 2:15 a.m. · 10 views

CVE-2024-0617

The Category Discount Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcd_save_discount function in all versions up to, and including, 4.12. This makes it possible for unauthenticated attackers to modify product category...

5.3 CVSS · 5.8 AI score · 0.0049 EPSS
Exploits: 0 · References: 3

NVD
added 2024/01/25 2:15 a.m. · 22 views

CVE-2024-0617

The Category Discount Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcd_save_discount function in all versions up to, and including, 4.12. This makes it possible for unauthenticated attackers to modify product category...

5.3 CVSS · 5.1 AI score · 0.0049 EPSS
Exploits: 0 · References: 3

Cvelist
added 2024/01/25 1:55 a.m. · 31 views

CVE-2024-0617 Category Discount Woocommerce <= 4.12 - Missing Authorization via wpcd_save_discount()

The Category Discount Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcd_save_discount function in all versions up to, and including, 4.12. This makes it possible for unauthenticated attackers to modify product category...

5.3 CVSS · 5.4 AI score · 0.0049 EPSS
Exploits: 0 · References: 3