28 matches found
Missing Authentication for Critical Function
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the absence of authentication checks in the list.json.php template used by multiple plugin endpoints. An attack...
AVideo: Unauthenticated Access to Payment Log DataTables Endpoints Exposes Transaction Data, PayPal Tokens, and User Financial Records
Summary Multiple payment plugin list.json.php endpoints lack authentication and authorization checks, allowing unauthenticated attackers to retrieve all payment transaction records including PayPal billing agreement IDs, Express Checkout tokens, Authorize.Net webhook payloads with transaction...
CVE-2026-23184
In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF in binder_netlink_report Oneway transactions sent to frozen targets via binder_proc_transaction return a BR_TRANSACTION_PENDING_FROZEN error but they are still treated as successful since the target is expected to thaw a...
EUVD-2026-5858
In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF in binder_netlink_report Oneway transactions sent to frozen targets via binder_proc_transaction return a BR_TRANSACTION_PENDING_FROZEN error but they are still treated as successful since the target is expected to thaw a...
CVE-2025-14463
The Payment Button for PayPal plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 1.2.3.41. This is due to the plugin exposing a public AJAX endpoint wppaypalcheckoutajaxprocessorder that processes checkout results without any authentication or...
EUVD-2014-3942
Malware in sbrugna...
EUVD-2013-2219
Malware in sbrugna...
EUVD-2015-5862
Malware in sbrugna...
Malicious code in transaction-data-generation (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c1a6cb3f68b22b02db63a832b56fed4db00fc629b1b3540dbae8dc8114daa530 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4897 Malicious code in transaction-data-generation (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c1a6cb3f68b22b02db63a832b56fed4db00fc629b1b3540dbae8dc8114daa530 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Clustering and Analysis of User Behaviour in Blockchain: a Case Study of Planet IX
Decentralised applications (dApps) that run on public blockchains have the benefit of trustworthiness and transparency as every activity that happens on the blockchain can be publicly traced through the transaction data. However, this introduces a potential privacy problem as this data can be track...
The Binance Crackdown Will Be an 'Unprecedented' Bonanza for Crypto Surveillance
Binance’s settlement requires it to offer years of transaction data to US regulators and cops, exposing the company—and its customers—to a “24/7, 365-days-a-year financial colonoscopy.”...
Investigation Regarding Misconfigured Microsoft Storage Location
October 28, 2022 update: Added a Customer FAQ section. Summary Security researchers at SOCRadar informed Microsoft on September 24, 2022, of a misconfigured Microsoft endpoint. This misconfiguration resulted in the potential for unauthenticated access to some business transaction data correspondin...
Investigation Regarding Misconfigured Microsoft Storage Location
October 28, 2022 update: Added a Customer FAQ section. Summary Security researchers at SOCRadar informed Microsoft on September 24, 2022, of a misconfigured Microsoft endpoint. This misconfiguration resulted in the potential for unauthenticated access to some business transaction data...
GHSA-G5RR-P69H-7V3G Insufficient type validation in pocketmine/pocketmine-mp
Impact When an inventory interaction is performed (e.g. moving an item around an inventory), the client sends a serialized version of the itemstack to the server, which the server then deserializes and compares against its own copy. If the copies don't match, the transaction is invalid. This involv...
WhatsApp Will Disable Your Account If You Don't Agree Sharing Data With Facebook
"Respect for your privacy is coded into our DNA," opens WhatsApp's privacy policy. "Since we started WhatsApp, we've aspired to build our Services with a set of strong privacy principles in mind." But come February 8, 2021, this opening statement will no longer find a place in the policy. The...
Logic flaw vulnerability in bitcoind and Bitcoin-Qt
A security vulnerability exists in bitcoind and Bitcoin-Qt 0.8.x versions. A remote attacker could exploit this vulnerability to cause a denial of service (memory exhaustion) via a large amount of tx message data...
Safe as houses: 5 security measures adopted by cryptocurrency exchanges
By Waqas Cryptocurrencies rely on the blockchain, a decentralized ledger that records all transactions ever made within it. The blockchain network consists of multiple nodes that maintain it. To gain control over the network and tamper with transaction data, a hacker should compromise most of the...
Navis WebAccess - SQL injection vulnerability
No description provided by source. Product - Navis WebAccess - SQL Injection Date - 8/8/2016 Author - bRpsd Skype: vegnox Vendor HomePage - http://www.navis.com/ Product Download - http://navis.com/prwebaccess.jsp currently under...