Lucene search
+L

1207 matches found

EUVD
EUVD
added 2026/04/07 9:31 a.m.3 views

EUVD-2026-19584

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of incoming Stripe webhook...

5.3CVSS5.9AI score0.00166EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/07 7:40 a.m.25 views

CVE-2026-3177 Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.9.7 - Insufficient Verification of Data Authenticity to Unauthenticated Donation Status Forgery via Stripe Webhook

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of incoming Stripe webhook...

5.3CVSS0.00166EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/07 7:40 a.m.4 views

CVE-2026-3177 Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.9.7 - Insufficient Verification of Data Authenticity to Unauthenticated Donation Status Forgery via Stripe Webhook

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of incoming Stripe webhook...

5.3CVSS5.9AI score0.00166EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/07 7:40 a.m.2 views

CVE-2026-3177

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of incoming Stripe webhook...

5.3CVSS5.9AI score0.00166EPSS
Exploits0References3
CVE
CVE
added 2026/04/07 7:40 a.m.16 views

CVE-2026-3177

The CVE-2026-3177 entry describes a vulnerability in the Charitable – Donation Plugin for WordPress (Fundraising with Recurring Donations & More) for WordPress, affecting versions up to and including 1.8.9.7. The root cause is insufficient verification of data authenticity for incoming Stripe web...

5.3CVSS5.9AI score0.00166EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.17 views

PT-2026-30800

Name of the Vulnerable Software and Affected Versions The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More versions through 1.8.9.7 Description The Charitable – Donation Plugin for WordPress is affected by a flaw due to missing cryptographic verification of...

5.3CVSS5.8AI score0.00166EPSS
Exploits0References6
Snyk
Snyk
added 2026/04/04 6:26 a.m.6 views

Insufficient Verification of Data Authenticity

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the OAuth flow, where the PKCE verifier is reused as the OAuth state value and reflected back in the redirect URL. An attacker can obtai...

8CVSS5.9AI score0.00238EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/03 2:44 a.m.2 views

Insufficient Verification of Data Authenticity

Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the webContents.executeJavaScript function. An attacker...

6.5CVSS5.9AI score0.00123EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/03 2:44 a.m.4 views

Insufficient Verification of Data Authenticity

Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the webContents.executeJavaScript function. An attacker can manipulate t...

6.5CVSS5.9AI score0.00123EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:19 p.m.5 views

CVE-2025-52645

HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour...

5.3CVSS5.8AI score0.00084EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.6 views

CVE-2026-23656

Insufficient verification of data authenticity in Windows App Installer allows an unauthorized attacker to perform spoofing over a network...

5.9CVSS5.8AI score0.00297EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.6 views

CVE-2026-32290

The GL-iNet Comet GL-RM1 KVM before version 1.8.2 does not sufficiently verify the authenticity of uploaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding MD5 hash to pass verification...

7CVSS6AI score0.0016EPSS
Exploits0References1
HackRead
HackRead
added 2026/03/24 5:42 p.m.7 views

OVHcloud Founder Denies Massive 590TB Data Breach Claims

OVHcloud denies breach after hacker claims 600TB data theft affecting millions of sites, with experts doubting authenticity due to weak proof...

5.8AI score
Exploits0
CVE
CVE
added 2026/03/20 6:27 p.m.8 views

CVE-2026-32318

Cryptomator for iOS prior to 2.8.3 had an integrity-check vulnerability that allowed tampering of the vault.config file, enabling a MITM in the Hub key loading process. The client trusted endpoints from vault config without host authenticity checks, potentially enabling token exfiltration by mixi...

7.6CVSS5.8AI score0.00078EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/18 8:21 p.m.6 views

GHSA-G9F6-9775-HFFM Nhost Storage Affected by MIME Type Spoofing via Trusted Client Content-Type Header in Storage Upload

Summary The storage service's file upload handler trusts the client-provided Content-Type header without performing server-side MIME type detection. This allows an attacker to upload files with an arbitrary MIME type, bypassing any MIME-type-based restrictions configured on storage buckets...

5.3CVSS5.9AI score0.00173EPSS
Exploits0References7
EUVD
EUVD
added 2026/03/17 6:30 p.m.7 views

EUVD-2026-12598

The GL-iNet Comet GL-RM1 KVM does not sufficiently verify the authenticity of uploaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding MD5 hash to pass verification...

7CVSS5.8AI score0.0016EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/17 6:30 p.m.6 views

EUVD-2026-12606

JetKVM prior to 0.5.4 does not verify the authenticity of downloaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding SHA256 hash to pass verification...

7CVSS5.8AI score0.00128EPSS
Exploits0References5
NVD
NVD
added 2026/03/17 6:16 p.m.8 views

CVE-2026-32294

JetKVM prior to 0.5.4 does not verify the authenticity of downloaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding SHA256 hash to pass verification...

7CVSS0.00128EPSS
Exploits0References4
NVD
NVD
added 2026/03/17 6:16 p.m.7 views

CVE-2026-32290

The GL-iNet Comet GL-RM1 KVM before version 1.8.2 does not sufficiently verify the authenticity of uploaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding MD5 hash to pass verification...

7CVSS0.0016EPSS
Exploits0References4
OSV
OSV
added 2026/03/17 5:19 p.m.5 views

CVE-2026-32294 JetKVM insufficient firmware verification

JetKVM prior to 0.5.4 does not verify the authenticity of downloaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding SHA256 hash to pass verification...

7CVSS6.1AI score0.00128EPSS
Exploits0References6
Rows per page
Query Builder