7 matches found

Positive Technologies
added 2026/04/04 12:0 a.m. | 1 view

PT-2026-30333

Name of the Vulnerable Software and Affected Versions: AVideo versions 26.0 and prior. Description: The BlockonomicsYPT plugin's check.php endpoint returns payment order data for any Bitcoin address without authentication. The endpoint was intended as an AJAX polling helper for the authenticated...

CVSS 3.7 | AI score 5.9 | EPSS 0.00019
Exploits: 1 | References: 4
EUVD
added 2026/03/13 9:31 p.m. | 1 view

EUVD-2026-11766

The Formidable Forms plugin for WordPress is vulnerable to an authorization bypass through user-controlled key in all versions up to, and including, 6.28. This is due to the frmstrpamount AJAX handler updateintentajax overwriting the global $_POST data with attacker-controlled JSON input and then...

CVSS 5.3 | AI score 5.8 | EPSS 0.00026
Exploits: 0 | References: 6
Cvelist
added 2026/03/13 8:25 a.m. | 21 views

CVE-2026-2888 Formidable Forms <= 6.28 - Unauthenticated Payment Amount Manipulation via 'item_meta' Parameter

The Formidable Forms plugin for WordPress is vulnerable to an authorization bypass through user-controlled key in all versions up to, and including, 6.28. This is due to the frmstrpamount AJAX handler updateintentajax overwriting the global $_POST data with attacker-controlled JSON input and then...

CVSS 5.3 | EPSS 0.00026
Exploits: 0 | References: 5
Vulnrichment
added 2026/03/13 8:25 a.m. | 2 views

CVE-2026-2888 Formidable Forms <= 6.28 - Unauthenticated Payment Amount Manipulation via 'item_meta' Parameter

The Formidable Forms plugin for WordPress is vulnerable to an authorization bypass through user-controlled key in all versions up to, and including, 6.28. This is due to the frmstrpamount AJAX handler updateintentajax overwriting the global $_POST data with attacker-controlled JSON input and then...

CVSS 5.3 | AI score 5.8 | EPSS 0.00026
Exploits: 0 | References: 5
OSV
added 2025/03/10 4:15 p.m. | 3 views

CVE-2025-25382

An issue in the Property Tax Payment Portal in Information Kerala Mission SANCHAYA v3.0.4 allows attackers to arbitrarily modify payment amounts via a crafted request...

CVSS 7.5 | AI score 5.8 | EPSS 0.0019
Exploits: 1 | References: 2
Github Security Blog
added 2023/11/17 9:50 p.m. | 16 views

@vendure/core's insecure currencyCode handling allows wrong payment amounts

Impact: Currently, in many Vendure deployments it's possible to select any currencyCode (really any, doesn't need to be assigned to the channel) and pay through Mollie and Stripe in that particular currencyCode. The prices are not transformed. The result is the Order is in Payment Settled in the...

AI score 7.2
Exploits: 0 | References: 3 | Affected Software: 1
CNVD
added 2020/05/27 12:0 a.m. | 3 views

Logic Flaw Vulnerability in Shop7z Online Mall Shopping System Fashion Edition

Shop7z belongs to Shijiazhuang Zhenhong Network Technology Co., Ltd. and has been committed to enterprise Internet application related services since 2004. A logic flaw vulnerability exists in the fashion version of the Shop7z online mall shopping system. An attacker can exploit the vulnerability...

AI score 6.9
Exploits: 0