1919 matches found
CVE-2026-56341
AVideo through version 26.0 contains multiple unauthenticated list.json.php endpoints in payment plugins lacking authorization checks, exposing PayPal tokens, Authorize.Net webhooks, and Bitcoin transaction records. Unauthenticated attackers can retrieve all payment transaction data including...
CVE-2026-56341 AVideo - Unauthenticated Access to Payment Log DataTables Endpoints via list.json.php
AVideo through version 26.0 contains multiple unauthenticated list.json.php endpoints in payment plugins lacking authorization checks, exposing PayPal tokens, Authorize.Net webhooks, and Bitcoin transaction records. Unauthenticated attackers can retrieve all payment transaction data including...
CVE-2026-56341
AVideo prior to 26.1 (through version 26.0) exposes unauthenticated access to payment data via multiple list.json.php endpoints in payment plugins, lacking authorization checks. The issue enables retrieval of PayPal tokens, Authorize.Net webhooks, and Bitcoin transaction records, including agreem...
EUVD-2026-38130
AVideo through version 26.0 contains multiple unauthenticated list.json.php endpoints in payment plugins lacking authorization checks, exposing PayPal tokens, Authorize.Net webhooks, and Bitcoin transaction records. Unauthenticated attackers can retrieve all payment transaction data including...
CVE-2023-7346
Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of miniscript policies containing the a: fragment. Attackers can craft malicious miniscript policies...
CVE-2023-7346 Ledger Bitcoin App 2.1.0 Address Derivation Error via Miniscript
Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of miniscript policies containing the a: fragment. Attackers can craft malicious miniscript policies...
CVE-2023-7346 Ledger Bitcoin App 2.1.0 Address Derivation Error via Miniscript
Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of miniscript policies containing the a: fragment. Attackers can craft malicious miniscript policies...
CVE-2023-7346
Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of miniscript policies containing the a: fragment. Attackers can craft malicious miniscript policies...
EUVD-2023-60577
Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of miniscript policies containing the a: fragment. Attackers can craft malicious miniscript policies...
CVE-2023-7346
Technical details (affected versions, exploit methods, mitigations) are not publicly provided in the supplied documents. Monitor for updates from official sources.
Ledger Bitcoin app 安全漏洞
The Ledger Bitcoin app is an open-source application developed by Ledger, which runs on the Ledger hardware wallet. There are security vulnerabilities in the 2.1.0 and 2.1.1 versions of the Ledger Bitcoin app. These vulnerabilities stem from improper handling of miniscripts containing the ‘a’...
PT-2026-42182
Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of miniscript policies containing the a: fragment. Attackers can craft malicious miniscript policies...
p11-kit: NULL dereference via C_DeriveKey with specific NULL parameters
A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the CDeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potential...
CVE-2024-52911
Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14...
EUVD-2024-55566
Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14...
CVE-2024-52911
Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14...
CVE-2024-52911
Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14...
CVE-2024-52911
Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14...
CVE-2024-52911
Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14...
PT-2026-37224
Name of the Vulnerable Software and Affected Versions Bitcoin Core versions 0.14 through 28.x Description A high-severity memory safety issue exists in the script validation engine of the main node software. This use-after-free flaw—a type of memory corruption that occurs when a program continues...