Lucene search
K

9 matches found

CVE
CVE
added 5 days ago8 views

CVE-2026-53961

CVE-2026-53961 concerns Discourse, an open-source discussion platform. Prior to the fixed versions, the AWS SES bounce webhook at POST /webhooks/aws did not bind SNS-signed messages to trusted TopicArn values, enabling any AWS account holder to publish forged Bounce notifications that revoke a ta...

6.5CVSS6AI score0.00221EPSS
Exploits0References9
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-53961 Discourse: Forged AWS SNS bounce notifications can disable a targeted user's email (missing TopicArn binding)

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the AWS SES bounce webhook at POST /webhooks/aws verified that SNS messages were signed by Amazon but did not bind them to trusted TopicArn values, allowing any AWS account holder to publish...

6.5CVSS0.00221EPSS
Exploits0References9
Snyk
Snyk
added 2026/05/07 12:6 a.m.25 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the SNS HTTP/HTTPS notification endpoints due to missing signature verification. An attacker can cause the application to process arbitrary payloads as legitimate notifications, auto-confi...

6.3CVSS5.9AI score0.00179EPSS
Exploits0References2
NVD
NVD
added 2026/02/27 4:16 a.m.8 views

CVE-2026-2428

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in all versions up to, and including, 6.1.17. This is due to the PayPal IPN Instant Payment Notification verification being disabled by default disableipnverification defaults to...

7.5CVSS0.00139EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.9 views

PT-2026-22290

Name of the Vulnerable Software and Affected Versions Fluent Forms Pro Add On Pack for WordPress versions through 6.1.17 Description The software contains a flaw related to insufficient verification of data authenticity. Specifically, PayPal IPN Instant Payment Notification verification is disabl...

7.5CVSS5.9AI score0.00139EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/02/14 4:35 a.m.35 views

CVE-2026-0692 BlueSnap Payment Gateway for WooCommerce <= 3.4.0 - Missing Authorization to Unauthenticated Arbitrary Order Status Manipulation

The BlueSnap Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.4.0. This is due to the plugin relying on WooCommerce's WCGeolocation::getipaddress function to validate IPN requests, which trusts user-controllable...

7.5CVSS0.00281EPSS
Exploits0References3
OSV
OSV
added 2024/01/24 10:15 a.m.4 views

CVE-2023-43995

An issue in picot.golf mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...

5.4CVSS5.8AI score0.0036EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/01/24 12:0 a.m.7 views

PT-2024-13162 · Line · Line

Name of the Vulnerable Software and Affected Versions: Line version 13.6.1 Description: An issue in the Books-futaba mini-app on Line allows attackers to send crafted malicious notifications via leakage of the channel access token. This leakage enables attackers to exploit the system, potentially...

5.4CVSS7.2AI score0.00402EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/03/14 12:0 a.m.5 views

PT-2023-1716 · Moxa · Nport 6000 +1

Name of the Vulnerable Software and Affected Versions: Line version 13.6.1 NPort 6000 affected versions not specified NPort Windows Driver Manager affected versions not specified Description: An issue in the Cleaning makotoya mini-app on Line allows attackers to send crafted malicious notificatio...

10CVSS5.5AI score0.0036EPSS
Exploits1References8
Rows per page
Query Builder