223 matches found
Malicious code in coinbase-wallet-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1ab9b05ffef17005997a718b420c7842eaa66c9e8b6586f8f62ccaeeb3d35a4b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview coinbase-wallet-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-5499 Malicious code in coinbase-wallet-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1ab9b05ffef17005997a718b420c7842eaa66c9e8b6586f8f62ccaeeb3d35a4b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2026-6709
The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce verification in the savesettings function, which is registered on the adminpostcccf7savesettings...
Malicious code in cb-wallet-http (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e8d704c0a6a48da0e2fef8eddcd1f98e7d380c3e19f22753f3df51d9893f60ce Package name mimics Coinbase's internal cb-wallet- namespace to capture dependency-confusion resolutions. On npm install postinstall.js and on...
EUVD-2026-29408
The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce verification in the savesettings function, which is registered on the adminpostcccf7savesettings...
CVE-2026-6709
The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce verification in the savesettings function, which is registered on the adminpostcccf7savesettings...
CVE-2026-6709
CVE-2026-6709 affects the WordPress plugin Coinbase Commerce for Contact Form 7 in versions up to and including 1.1.2. Root cause: missing capability check and nonce verification in the save_settings() function registered on the admin_post_cccf7_save_settings hook. Impact: authenticated attackers...
CVE-2026-6709 Coinbase Commerce for Contact Form 7 <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) API Key Modification via 'cccf7_api_key' Parameter
The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce verification in the savesettings function, which is registered on the adminpostcccf7savesettings...
CVE-2026-6709 Coinbase Commerce for Contact Form 7 <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) API Key Modification via 'cccf7_api_key' Parameter
The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce verification in the savesettings function, which is registered on the adminpostcccf7savesettings...
WordPress plugin Coinbase Commerce for Contact Form 7 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
PT-2026-39963
The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce verification in the save settings function, which is registered on the admin post cccf7 save...
WordPress Coinbase Commerce for Contact Form 7 plugin <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) API Key Modification vulnerability
Missing Authorization to Authenticated Subscriber+ API Key Modification vulnerability discovered by Legion Hunter in WordPress Plugin Coinbase Commerce for Contact Form 7 versions = 1.1.2...
CVE-2026-44500
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.4.0, prior to zebra-chain version 7.0.0, and prior to zebra-network version 6.0.0, several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter...
Zebra Vulnerable to Allocation Amplification in Inbound Network Deserializers
CVE-2026-44500: Allocation Amplification in Inbound Network Deserializers Summary Several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter protocol or consensus limits were enforced. An unauthenticated or...
Zebra's Block Validator Undercounts Coinbase and P2SH Sigops
Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit MAXBLOCKSIGOPS, allowing it to accept blocks that zcashd rejects with bad-blk-sigops. A miner who produces such a block can split the network: Zebra nodes follow the offending chain while zcas...
GHSA-JV4H-J224-23CC Zebra's Block Validator Undercounts Coinbase and P2SH Sigops
Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit MAXBLOCKSIGOPS, allowing it to accept blocks that zcashd rejects with bad-blk-sigops. A miner who produces such a block can split the network: Zebra nodes follow the offending chain while zcas...
PT-2026-38619
Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit MAX BLOCK SIGOPS, allowing it to accept blocks that zcashd rejects with bad-blk-sigops. A miner who produces such a block can split the network: Zebra nodes follow the offending chain while...
PT-2026-38620
CVE-2026-44500: Allocation Amplification in Inbound Network Deserializers Summary Several inbound deserialization paths in Zebra allocated buffers sized against generic transport or block-size ceilings before the tighter protocol or consensus limits were enforced. An unauthenticated or...
CVE-2026-25396
Missing Authorization vulnerability in CoderPress Commerce Coinbase For WooCommerce commerce-coinbase-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Commerce Coinbase For WooCommerce: from n/a through = 1.6.6...