15 matches found
CVE-2026-27584 ActualBudget server is Missing Authentication for SimpleFIN and Pluggy AI bank sync endpoints
Actual is a local-first personal finance tool. Prior to version 26.2.1, missing authentication middleware in the ActualBudget server component allows any unauthenticated user to query the SimpleFIN and Pluggy.ai integration endpoints and read sensitive bank account balance and transaction...
PT-2026-21761
Name of the Vulnerable Software and Affected Versions ActualBudget versions prior to 26.2.1 Description A missing authentication check in the ActualBudget server component allows unauthenticated users to access the SimpleFIN and Pluggy.ai integration endpoints. This allows an attacker to read...
EUVD-2025-29066
Malicious code in bioql PyPI...
Unspecified Vulnerability in AXIS BANK Axis Mobile App
AXIS BANK Axis Mobile App is a mobile banking application by AXIS BANK India. AXIS BANK Axis Mobile App version 9.9 has a security vulnerability that can be exploited by an attacker that may lead to the disclosure of account information, balances, transaction history and other data...
CVE-2025-56467
An issue was discovered in AXIS BANK LIMITED Axis Mobile App 9.9 that allows attackers to obtain sensitive information without a UPI PIN, such as account information, balances, transaction history, and unspecified other information. NOTE: the Supplier's perspective is that this is an intended...
CVE-2025-56467
An issue was discovered in AXIS BANK LIMITED Axis Mobile App 9.9 that allows attackers to obtain sensitive information without a UPI PIN, such as account information, balances, transaction history, and unspecified other information. NOTE: the Supplier's perspective is that this is an intended...
CVE-2025-56467
An issue was discovered in AXIS BANK LIMITED Axis Mobile App 9.9 that allows attackers to obtain sensitive information without a UPI PIN, such as account information, balances, transaction history, and unspecified other information. NOTE: the Supplier's perspective is that this is an intended...
AXIS BANK Axis Mobile App Security Vulnerability
AXIS BANK Axis Mobile App is a mobile banking application by AXIS BANK India. AXIS BANK Axis Mobile App version 9.9 has a security vulnerability that can be exploited by an attacker that may lead to the disclosure of account information, balances, transaction history and other data...
CVE-2025-56467
Technical details about CVE-2025-56467 are not publicly provided in the supplied documents; no concrete exploit paths or affected components are described here. Monitor for updates.
PT-2025-37337
Name of the Vulnerable Software and Affected Versions: AXIS BANK LIMITED Axis Mobile App version 9.9 Description: An issue was discovered that allows attackers to gain sensitive information without a UPI PIN, including account information, balances, transaction history, and other unspecified...
CVE-2025-56467
An issue was discovered in AXIS BANK LIMITED Axis Mobile App 9.9 that allows attackers to obtain sensitive information without a UPI PIN, such as account information, balances, transaction history, and unspecified other information. NOTE: the Supplier's perspective is that this is an intended...
MTN Group: Broken Access Control leads to disclosure of transaction history via /v2/rechargeTransactionHistory endpoint
The vulnerability disclosed the transaction history details of MTN NG customers, including recharge dates, amounts, and transaction IDs. This was caused by insufficient authorization checks in the /v2/rechargeTransactionHistory API endpoint, which allowed access to other customers' data without...
CVE-2018-15660
An issue was discovered in the Ola Money aka com.olacabs.olamoney application 1.9.0 for Android. If an attacker controls an application with accessibility permissions, then the attacker can read certain Ola Money data such as a credit card number, expiration date, bank account number, and...
PT-2018-13126 · Ola Cabs · Ola Money
Name of the Vulnerable Software and Affected Versions: Ola Money aka com.olacabs.olamoney version 1.9.0 Description: An issue was discovered in the Ola Money application for Android. If an attacker controls an application with accessibility permissions, then the attacker can read certain Ola Mone...
Enter: stored xss in transaction
Open wallet settings and remove maxlength="30" from wallet name input 2. Change name to something like this asdf'"alert1 3. Go to "Send bitcoin" and make inbound transfer from one wallet to another with description: descalert'xss in description' 4. Submit form 5. After submit we got xss both in...