Malicious code in codefrequencychecker (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4202ead7b36e01a039c10a9379f617de02b50d5a69d5923652cfafb6f22067b6 Package exfiltrates browser cookies and passwords, and starts a Telegram bot allowing re-exfiltrating later. --- Category: MALICIOUS - The campaign has clearly...

MAL-2026-126 Malicious code in codefrequencychecker (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4202ead7b36e01a039c10a9379f617de02b50d5a69d5923652cfafb6f22067b6 Package exfiltrates browser cookies and passwords, and starts a Telegram bot allowing re-exfiltrating later. --- Category: MALICIOUS - The campaign has clearly...

CVE-2026-0656

The CVE-2026-0656 entry concerns the iPaymu Payment Gateway for WooCommerce (WordPress). Wordfence reports a Missing Authentication flaw in webhook handling (function check_ipaymu_response) across versions up to 2.0.2, due to lack of signature verification and origin checks. This allows unauthent...

CVE-2026-0656 iPaymu Payment Gateway for WooCommerce <= 2.0.2 - Missing Authentication to Unauthenticated Payment Bypass and Order Information Disclosure

The iPaymu Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 2.0.2 via the 'checkipaymuresponse' function. This is due to the plugin not validating webhook request authenticity through signature verification or origi...

CVE-2026-0656 iPaymu Payment Gateway for WooCommerce <= 2.0.2 - Missing Authentication to Unauthenticated Payment Bypass and Order Information Disclosure

The iPaymu Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 2.0.2 via the 'checkipaymuresponse' function. This is due to the plugin not validating webhook request authenticity through signature verification or origi...

GHSA-GHW8-3XQW-HHCJ vulnerabilities

Vulnerabilities for packages: cert-manager-istio-csr, cert-manager-cmctl, aws-privateca-issuer, cert-manager-webhook-pdns, step-issuer, cert-exporter...

CVE-2024-12401 vulnerabilities

Vulnerabilities for packages: cert-manager-istio-csr, cert-manager-cmctl, aws-privateca-issuer, cert-manager-webhook-pdns, step-issuer, cert-exporter...

CVE-2024-12401 vulnerabilities

Vulnerabilities for packages: cert-manager, cert-manager-webhook-pdns-fips, aws-privateca-issuer, cert-manager-istio-csr, step-issuer-fips, cert-manager-cmctl, aws-privateca-issuer-fips, cert-manager-webhook-pdns, step-issuer, cert-exporter-fips, cert-exporter, cert-manager-fips,...

GHSA-GHW8-3XQW-HHCJ vulnerabilities

Vulnerabilities for packages: cert-manager, cert-manager-webhook-pdns-fips, aws-privateca-issuer, cert-manager-istio-csr, step-issuer-fips, cert-manager-cmctl, aws-privateca-issuer-fips, cert-manager-webhook-pdns, step-issuer, cert-exporter-fips, cert-exporter, cert-manager-fips,...

PT-2026-2104

Name of the Vulnerable Software and Affected Versions Tarkov Data Manager versions prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8 Description The Tarkov Data Manager is a tool used to manage Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, a time-based blind S...

PT-2026-1574

Name of the Vulnerable Software and Affected Versions iPaymu Payment Gateway for WooCommerce plugin for WordPress versions up to and including 2.0.2 Description The iPaymu Payment Gateway for WooCommerce plugin for WordPress is susceptible to missing authentication. This occurs because the plugin...

Tarkov Data Manager SQL注入漏洞

Tarkov Data Manager is a database management tool from The Hideout open source. A SQL injection vulnerability exists in previous versions of Tarkov Data Manager 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, which stems from the presence of blind time-based SQL injection in the webhook editor and...

PT-2026-2124

Name of the Vulnerable Software and Affected Versions n8n versions 0.150.0 through 2.2.1 Description n8n is a workflow automation platform. A flaw in the Stripe Trigger node allows unauthenticated parties to trigger workflows by sending forged Stripe webhook events. The Stripe Trigger node create...

CVE-2025-69206

Hemmelig is a messing app with with client-side encryption and self-destructing messages. Prior to version 7.3.3, a Server-Side Request Forgery SSRF filter bypass vulnerability exists in the webhook URL validation of the Secret Requests feature. The application attempts to block internal/private ...

EUVD-2025-205597

hemmelig allows SSRF Filter bypass via Secret Request functionality...

GHSA-VVXF-WJ5W-6GJ5 hemmelig allows SSRF Filter bypass via Secret Request functionality

Summary A Server-Side Request Forgery SSRF filter bypass vulnerability exists in the webhook URL validation of the Secret Requests feature. The application attempts to block internal/private IP addresses but can be bypassed using DNS rebinding e.g., localtest.me which resolves to 127.0.0.1 or ope...

hemmelig allows SSRF Filter bypass via Secret Request functionality

Summary A Server-Side Request Forgery SSRF filter bypass vulnerability exists in the webhook URL validation of the Secret Requests feature. The application attempts to block internal/private IP addresses but can be bypassed using DNS rebinding e.g., localtest.me which resolves to 127.0.0.1 or ope...

CVE-2025-69206

Hemmelig is a messing app with with client-side encryption and self-destructing messages. Prior to version 7.3.3, a Server-Side Request Forgery SSRF filter bypass vulnerability exists in the webhook URL validation of the Secret Requests feature. The application attempts to block internal/private ...

CVE-2025-69206 Hemmelig has SSRF Filter bypass in Secret Request functionality

Hemmelig is a messing app with with client-side encryption and self-destructing messages. Prior to version 7.3.3, a Server-Side Request Forgery SSRF filter bypass vulnerability exists in the webhook URL validation of the Secret Requests feature. The application attempts to block internal/private ...

CVE-2025-69206 Hemmelig has SSRF Filter bypass in Secret Request functionality

Hemmelig is a messing app with with client-side encryption and self-destructing messages. Prior to version 7.3.3, a Server-Side Request Forgery SSRF filter bypass vulnerability exists in the webhook URL validation of the Secret Requests feature. The application attempts to block internal/private ...