Lucene search
K

980 matches found

NVD
NVD
added 6 days ago10 views

CVE-2026-1989

Authorization bypass through User-Controlled key vulnerability in PAVO Financial Technology Solutions Inc. PAVO Pay allows Exploitation of Trusted Identifiers. This issue affects PAVO Pay: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

7.5CVSS0.00407EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-1989

Authorization bypass through User-Controlled key vulnerability in PAVO Financial Technology Solutions Inc. PAVO Pay allows Exploitation of Trusted Identifiers. This issue affects PAVO Pay: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

7.5CVSS5.9AI score0.00407EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago9 views

EUVD-2026-42553

Authorization bypass through User-Controlled key vulnerability in PAVO Financial Technology Solutions Inc. PAVO Pay allows Exploitation of Trusted Identifiers. This issue affects PAVO Pay: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

7.5CVSS5.9AI score0.00407EPSS
Exploits0References1
CVE
CVE
added 6 days ago13 views

CVE-2026-1989

Technical details of CVE-2026-1989 are not publicly available in the provided documents; monitor for updates.

7.5CVSS5.9AI score0.00407EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-1989 IDOR in PAVO Inc.'s PAVO Pay

Authorization bypass through User-Controlled key vulnerability in PAVO Financial Technology Solutions Inc. PAVO Pay allows Exploitation of Trusted Identifiers. This issue affects PAVO Pay: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

7.5CVSS0.00407EPSS
Exploits0References1
NVD
NVD
added 2026/07/05 9:16 p.m.9 views

CVE-2026-14769

A security vulnerability has been detected in code-projects Real State Services 1.0. This issue affects some unknown processing of the file /pay.php. Such manipulation of the argument Bankname leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly...

7.5CVSS0.00269EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/05 8:15 p.m.8 views

CVE-2026-14769

A security vulnerability has been detected in code-projects Real State Services 1.0. This issue affects some unknown processing of the file /pay.php. Such manipulation of the argument Bankname leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/07/05 8:15 p.m.10 views

CVE-2026-14769

The CVE-2026-14769 entry concerns code-projects Real State Services 1.0. A vulnerability in processing the file /pay.php allows manipulation of the Bankname parameter that leads to a SQL injection. The issue appears to be exploitable remotely and public exploit details are available. Metrics indi...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6
Snyk
Snyk
added 2026/07/01 6:57 p.m.8 views

Timing Attack

Overview pay is a package for processing payments in Ruby on Rails apps Affected versions of this package are vulnerable to Timing Attack via the validsignature? function. An attacker can recover valid webhook signatures by sending multiple requests with crafted Paddle-Signature header values and...

9.1CVSS6AI score
Exploits0References2
NVD
NVD
added 2026/06/27 8:16 a.m.9 views

CVE-2026-3462

The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'uploadcsv' and 'processbatch' functions in all versions up to, and including, 1.8.9. This makes it possible for authenticated attackers, with Subscriber-level access an...

6.5CVSS0.00276EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/06/27 6:50 a.m.9 views

CVE-2026-3462

The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'uploadcsv' and 'processbatch' functions in all versions up to, and including, 1.8.9. This makes it possible for authenticated attackers, with Subscriber-level access an...

6.5CVSS5.9AI score0.00276EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/06/27 6:50 a.m.40 views

CVE-2026-3462 Frisbii Pay <= 1.8.9 - Missing Authorization to Authenticated (Subscriber+) Payment Token Modification

The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'uploadcsv' and 'processbatch' functions in all versions up to, and including, 1.8.9. This makes it possible for authenticated attackers, with Subscriber-level access an...

6.5CVSS0.00276EPSS
Exploits1References5
CVE
CVE
added 2026/06/27 6:50 a.m.18 views

CVE-2026-3462

CVE-2026-3462 affects the Frisbii Pay plugin for WordPress (all versions up to 1.8.9). The vulnerability arises from missing capability checks on upload_csv and process_batch, enabling authenticated attackers with Subscriber-level access or higher to modify data by uploading arbitrary CSVs and ov...

6.5CVSS5.9AI score0.00276EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/27 6:50 a.m.10 views

EUVD-2026-39958

The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'uploadcsv' and 'processbatch' functions in all versions up to, and including, 1.8.9. This makes it possible for authenticated attackers, with Subscriber-level access an...

6.5CVSS5.9AI score0.00276EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.14 views

PT-2026-53057

Name of the Vulnerable Software and Affected Versions Frisbii Pay versions prior to 1.9.0 Description Authenticated users with Subscriber-level access and above can perform unauthorized modification of data. This is caused by missing capability checks in the upload csv and process batch functions...

6.5CVSS5.9AI score0.00276EPSS
Exploits1References10
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-56038

Contributor Privilege Escalation in Frisbii Pay = 1.8.2 versions...

8.8CVSS0.00232EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.33 views

CVE-2026-56038 WordPress Frisbii Pay plugin <= 1.8.2 - Privilege Escalation vulnerability

Contributor Privilege Escalation in Frisbii Pay = 1.8.2 versions...

8.8CVSS0.00232EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.12 views

CVE-2026-56038

The CVE-2026-56038 entry concerns the WordPress Frisbii Pay plugin, affected on versions ≤ 1.8.2. The connected documents identify a privilege-escalation issue titled “Contributor Privilege Escalation,” indicating an attacker with low access could elevate to contributor privileges. The root cause...

8.8CVSS5.8AI score0.00232EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:52 p.m.7 views

EUVD-2026-39700

Contributor Privilege Escalation in Frisbii Pay = 1.8.2 versions...

8.8CVSS5.8AI score0.00232EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/24 2:24 p.m.5 views

WordPress Frisbii Pay plugin <= 1.8.2 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Denver Jackson in WordPress Plugin Frisbii Pay versions = 1.8.2...

8.8CVSS5.8AI score0.00232EPSS
Exploits0Affected Software1
Rows per page
Query Builder