5 matches found
CVE-2026-11575 PhonePe Payment Solutions < 3.1.0 - Unauthenticated Payment Bypass via Forged Callback
The PhonePe Payment Solutions WordPress plugin before 3.1.0 does not properly verify the authenticity of incoming payment callbacks: the secret used to validate the callback signature is empty on sites configured through the current setup flow, so the expected signature reduces to an unkeyed hash...
CVE-2026-45344
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fields and writes them back into .env without escaping. A remote attacker who can reach the setup...
EUVD-2026-33054
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fields and writes them back into .env without escaping. A remote attacker who can reach the setup...
kernel: netfilter: nft_flow_offload: reset dst in route object after setting up flow
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftflowoffload: reset dst in route object after setting up flow dst is transferred to the flow object, route object does not own it anymore. Reset dst in route object, otherwise if flowoffloadadd fails, error path...
CVE-2018-7911
Some Huawei smart phones ALP-AL00B 8.0.0.106C00, 8.0.0.113SP2C00, 8.0.0.113SP3C00, 8.0.0.113SP7C00, 8.0.0.118C00, 8.0.0.120SP2C00, 8.0.0.125SP1C00, 8.0.0.125SP3C00, 8.0.0.126SP2C00, 8.0.0.126SP5C00, 8.0.0.127SP1C00, 8.0.0.128SP2C00, ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113SP7C01, 8.0.0.118C01,...