9 matches found
CVE-2026-53961
CVE-2026-53961 concerns Discourse, an open-source discussion platform. Prior to the fixed versions, the AWS SES bounce webhook at POST /webhooks/aws did not bind SNS-signed messages to trusted TopicArn values, enabling any AWS account holder to publish forged Bounce notifications that revoke a ta...
CVE-2026-53961 Discourse: Forged AWS SNS bounce notifications can disable a targeted user's email (missing TopicArn binding)
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the AWS SES bounce webhook at POST /webhooks/aws verified that SNS messages were signed by Amazon but did not bind them to trusted TopicArn values, allowing any AWS account holder to publish...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the SNS HTTP/HTTPS notification endpoints due to missing signature verification. An attacker can cause the application to process arbitrary payloads as legitimate notifications, auto-confi...
CVE-2026-2428
The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 6.1.17. This is due to the PayPal IPN Instant Payment Notification verification being disabled by default disableipnverification defaults to...
PT-2026-22290
Name of the Vulnerable Software and Affected Versions Fluent Forms Pro Add On Pack for WordPress versions through 6.1.17 Description The software contains a flaw related to insufficient verification of data authenticity. Specifically, PayPal IPN Instant Payment Notification verification is disabl...
CVE-2026-0692 BlueSnap Payment Gateway for WooCommerce <= 3.4.0 - Missing Authorization to Unauthenticated Arbitrary Order Status Manipulation
The BlueSnap Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.4.0. This is due to the plugin relying on WooCommerce's WCGeolocation::getipaddress function to validate IPN requests, which trusts user-controllable...
CVE-2023-43995
An issue in picot.golf mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...
PT-2024-13162 · Line · Line
Name of the Vulnerable Software and Affected Versions: Line version 13.6.1 Description: An issue in the Books-futaba mini-app on Line allows attackers to send crafted malicious notifications via leakage of the channel access token. This leakage enables attackers to exploit the system, potentially...
PT-2023-1716 · Moxa · Nport 6000 +1
Name of the Vulnerable Software and Affected Versions: Line version 13.6.1 NPort 6000 affected versions not specified NPort Windows Driver Manager affected versions not specified Description: An issue in the Cleaning makotoya mini-app on Line allows attackers to send crafted malicious notificatio...