Lucene search
K

397 matches found

Cvelist
Cvelist
added 2026/03/31 2:10 p.m.25 views

CVE-2026-34209 mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality

mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "" instead of "=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled...

7.5CVSS0.00359EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/31 2:10 p.m.6 views

CVE-2026-34209

mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "" instead of "=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled...

7.5CVSS5.8AI score0.00359EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.7 views

Code-Projects Simple Gym Management System SQL注入漏洞

Code-Projects Simple Gym Management System is an open-source gym management system developed by Code-Projects. Version 1.0 of the Code-Projects Simple Gym Management System has a SQL injection vulnerability. This vulnerability arises from incorrect operations on parameters such as...

6.5CVSS6.7AI score0.00192EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/29 3:10 p.m.6 views

mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality

Impact The tempo/session cooperative close handler validated the close voucher amount using instead of = against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled amount, which would be accepted without committing any new funds, effectively closing...

7.5CVSS5.9AI score0.00359EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/03/29 3:10 p.m.10 views

Replay Attack

Overview mppx is a /picture Affected versions of this package are vulnerable to Replay Attack in the tempo/session cooperative close handler due to improper validation of the close voucher amount. An attacker can bypass intended restrictions by submitting a close voucher with an amount exactly...

8.3CVSS5.9AI score0.00359EPSS
Exploits0References2
OSV
OSV
added 2026/03/29 3:10 p.m.4 views

GHSA-MV9J-8JVG-J8MR mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality

Impact The tempo/session cooperative close handler validated the close voucher amount using instead of = against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled amount, which would be accepted without committing any new funds, effectively closing...

7.5CVSS5.9AI score0.00359EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/29 12:0 a.m.6 views

PT-2026-28607

mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "" instead of "=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled...

7.5CVSS5.8AI score0.00359EPSS
Exploits0References6
NVD
NVD
added 2026/03/28 2:16 a.m.5 views

CVE-2026-4987

The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...

7.5CVSS0.00256EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/28 1:25 a.m.36 views

CVE-2026-4987 SureForms <= 2.5.2 - Unauthenticated Payment Amount Validation Bypass via 'form_id'

The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...

7.5CVSS0.00256EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/28 1:25 a.m.3 views

CVE-2026-4987

The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...

7.5CVSS5.9AI score0.00256EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:12 p.m.4 views

CVE-2026-3617

The Paypal Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'amount' and 'name' shortcode attributes in all versions up to, and including, 0.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The...

6.4CVSS6AI score0.00201EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/23 4:59 p.m.7 views

WordPress WordPress PayPal Donation plugin <= 1.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'amount' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'amount' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin WordPress PayPal Donation versions = 1.01...

6.4CVSS5.8AI score0.00193EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/03/21 4:17 a.m.11 views

CVE-2026-3617

The Paypal Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'amount' and 'name' shortcode attributes in all versions up to, and including, 0.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The...

6.4CVSS0.00201EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/03/21 3:26 a.m.2 views

CVE-2026-3617 Paypal Shortcodes <= 0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'amount' and 'name' Shortcode Attributes

The Paypal Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'amount' and 'name' shortcode attributes in all versions up to, and including, 0.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The...

6.4CVSS6AI score0.00201EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/03/21 3:26 a.m.2 views

CVE-2026-3617

The Paypal Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'amount' and 'name' shortcode attributes in all versions up to, and including, 0.3. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes. The...

6.4CVSS6AI score0.00201EPSS
Exploits0References8
NVD
NVD
added 2026/03/13 7:54 p.m.10 views

CVE-2026-2888

The Formidable Forms plugin for WordPress is vulnerable to an authorization bypass through user-controlled key in all versions up to, and including, 6.28. This is due to the frmstrpamount AJAX handler updateintentajax overwriting the global $POST data with attacker-controlled JSON input and then...

5.3CVSS0.0035EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/13 8:25 a.m.3 views

CVE-2026-2888

The Formidable Forms plugin for WordPress is vulnerable to an authorization bypass through user-controlled key in all versions up to, and including, 6.28. This is due to the frmstrpamount AJAX handler updateintentajax overwriting the global $POST data with attacker-controlled JSON input and then...

5.3CVSS5.8AI score0.0035EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.11 views

WordPress plugin Formidable Forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.3CVSS5.8AI score0.0035EPSS
Exploits0References5
Trellix
Trellix
added 2026/02/11 12:0 a.m.8 views

Dark Web Roast - January 2026 Edition

Dark Web Roast - January 2026 Edition By Trellix Advanced Research Center · February 11, 2026 Executive Summary Welcome to January 2026's underground intelligence roundup, where criminal masterminds continue to demonstrate that the phrase "honour among thieves" remains the greatest oxymoron in...

5.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/02/04 7:51 p.m.5 views

cpython: Excessive read buffering DoS in http.client

A flaw was found in the http.client module in the Python standard library. When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This issue allows a malicious server to cause the client to read large amounts of data into...

7.5CVSS5.7AI score0.01525EPSS
Exploits0References6
Rows per page
Query Builder