419 matches found
axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget
A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution "Gadget" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could le...
codex-solidity
⛓️ Codex Solidity — Smart Contract & Protocol Audit Agent Imp...
CVE-2025-14450
The Wallet System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'changewalletfundrequeststatuscallback' function in all versions up to, and including, 2.7.2. This makes it possible for authenticated attackers, with...
CVE-2025-14450 Wallet System for WooCommerce <= 2.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Wallet Balance Manipulation
The Wallet System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'changewalletfundrequeststatuscallback' function in all versions up to, and including, 2.7.2. This makes it possible for authenticated attackers, with...
CVE-2025-14450 Wallet System for WooCommerce <= 2.7.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Wallet Balance Manipulation
The Wallet System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'changewalletfundrequeststatuscallback' function in all versions up to, and including, 2.7.2. This makes it possible for authenticated attackers, with...
EUVD-2026-3163
The Wallet System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'changewalletfundrequeststatuscallback' function in all versions up to, and including, 2.7.2. This makes it possible for authenticated attackers, with...
WordPress plugin Wallet System for WooCommerce has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2025-12362 myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program <= 2.9.7 - Missing Authorization to Unauthenticated Withdrawal Request Approval
The myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.9.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...
EUVD-2018-5933
Malware in sbrugna...
EUVD-2018-5569
Malware in sbrugna...
EUVD-2018-5027
Malware in sbrugna...
EUVD-2018-5032
Malware in sbrugna...
EUVD-2018-5513
Malware in sbrugna...
EUVD-2018-5465
Malware in sbrugna...
EUVD-2018-5451
Malware in sbrugna...
EUVD-2018-5674
Malware in sbrugna...
EUVD-2018-5405
Malware in sbrugna...
EUVD-2018-5482
Malware in sbrugna...
EUVD-2018-5583
Malware in sbrugna...
EUVD-2018-5640
Malware in sbrugna...