10 matches found
CVE-2026-5356
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 5.4.0. This is due to the plugin's Stripe Connect payment processor accepting a client-supplied PaymentIntent ID. This makes it...
CVE-2026-5356 LatePoint - Calendar Booking Plugin for Appointments and Events <= 5.4.0 - Unauthenticated Stripe PaymentIntent Amount-Binding Bypass
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 5.4.0. This is due to the plugin's Stripe Connect payment processor accepting a client-supplied PaymentIntent ID. This makes it...
PT-2026-56400
Name of the Vulnerable Software and Affected Versions LatePoint – Calendar Booking Plugin for Appointments and Events versions prior to 5.4.1 Description Improper input validation in the Stripe Connect payment processor allows unauthenticated attackers to pay an arbitrary amount. This occurs...
CVE-2020-22662
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 SCG200 before 3.6.2.0.795, SmartZone 100 SZ-100 before 3.6.2.0.795, SmartZone 300 SZ300 before 3.6.2.0.795, Virtua...
The execution of an order transfers 1 token regardless of Order.amount
Lines of code Vulnerability details Impact An order can be placed for an arbitrary amount, which is relevant for ERC1155. But when matched and executed only 1 token is transferred. This can lead to problems with accounting for the user, expecting a transfer of Order.amount tokens, potentially wit...
Zomato: Add upto 10K rupees to a wallet by paying an arbitrary amount
| TimeStamp | Action | |----------|:-------------:| | Wed, 24 Nov 2021, 11:24 IST | Received the report | | Wed, 24 Nov 2021, 11:25 IST | Validation and analysis of issue initiated | | Wed, 24 Nov 2021, 11:28 IST | Vulnerability reported to the respective Internal Team | | Wed, 24 Nov 2021, 11:36...
CVE-2018-18425
The doAirdrop function of a smart contract implementation for Primeo PEO, an Ethereum token, does not check the numerical relationship between the amount of the air drop and the token's total supply, which lets the owner of the contract issue an arbitrary amount of currency. Increasing the total...
Zomato: [www.zomato.com/dubai/gold] CRITICAL - Allowing arbitrary amount to become a GOLD Member
Hacker was able to find the internal testing Zomato Gold membership. I was able to purchase the PREMIUM GOLD MEMBERSHIP by selecting the amount of our own choice, here it required two conditions first is that you must have a valid premium membership. So, when I looked up the cost of the membershi...
[ MDVSA-2015:090 ] libpng
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:090 http://www.mandriva.com/en/support/security/ Package : libpng Date : March 28, 2015 Affected: Business Server 2.0 Problem Description: Updated libpng package fixes security vulnerabilities: The...
Uzbey: Price Manipulation
Hey guys, I put this down as a 2nd bug as it may have been overlooked from the previous report and I figured it'd be easier to track a fix and add comments separately... When completing an order it looks like it may be possible to pay an arbitrary amount - what happens is a request is generated t...