
16 matches found

Cvelist
added 2026/02/06 8:2 a.m. · 25 views

CVE-2026-2010 Sanluan PublicCMS Trade Payment TradePaymentService.java paid improper authorization

A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java of the component Trade Payment Handler. The manipulatio...

4.2 CVSS · 0.00039 EPSS
Exploits: 1 · References: 7

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-23361

Malicious code in bioql PyPI...

5.4 CVSS · 6.5 AI score · 0.00207 EPSS
Exploits: 1 · References: 2

RedhatCVE
added 2025/08/03 2:14 p.m. · 5 views

CVE-2025-46018

CSC Pay Mobile App 2.19.4 fixed in version 2.20.0 contains a vulnerability allowing users to bypass payment authorization by disabling Bluetooth at a specific point during a transaction. This could result in unauthorized use of laundry services and potential financial loss...

5.4 CVSS · 6.2 AI score · 0.00207 EPSS
Exploits: 1 · References: 1

NVD
added 2025/08/01 2:15 p.m. · 3 views

CVE-2025-46018

CSC Pay Mobile App 2.19.4 fixed in version 2.20.0 contains a vulnerability allowing users to bypass payment authorization by disabling Bluetooth at a specific point during a transaction. This could result in unauthorized use of laundry services and potential financial loss...

5.4 CVSS · 0.00207 EPSS
Exploits: 1 · References: 2

OSV
added 2025/08/01 2:15 p.m. · 2 views

CVE-2025-46018

CSC Pay Mobile App 2.19.4 fixed in version 2.20.0 contains a vulnerability allowing users to bypass payment authorization by disabling Bluetooth at a specific point during a transaction. This could result in unauthorized use of laundry services and potential financial loss...

5.4 CVSS · 5.8 AI score · 0.00207 EPSS
Exploits: 1 · References: 2

Cvelist
added 2025/08/01 12:0 a.m. · 6 views

CVE-2025-46018

CSC Pay Mobile App 2.19.4 fixed in version 2.20.0 contains a vulnerability allowing users to bypass payment authorization by disabling Bluetooth at a specific point during a transaction. This could result in unauthorized use of laundry services and potential financial loss...

0.00207 EPSS
Exploits: 1 · References: 2

CVE
added 2025/08/01 12:0 a.m. · 13 views

CVE-2025-46018

CVE-2025-46018 affects CSC Pay Mobile App, version 2.19.4 (fixed in 2.20.0). A vulnerability in the Bluetooth-based payment authentication module allows a user to bypass payment authorization by disabling Bluetooth at a specific point during a transaction, potentially enabling unauthorized use of...

5.4 CVSS · 6.4 AI score · 0.00207 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Vulnrichment
added 2025/08/01 12:0 a.m. · 3 views

CVE-2025-46018

CSC Pay Mobile App 2.19.4 fixed in version 2.20.0 contains a vulnerability allowing users to bypass payment authorization by disabling Bluetooth at a specific point during a transaction. This could result in unauthorized use of laundry services and potential financial loss...

6.2 AI score · 0.00207 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2025/08/01 12:0 a.m. · 4 views

PT-2025-31639 · Unknown · Csc Pay Mobile App

Name of the Vulnerable Software and Affected Versions: CSC Pay Mobile App versions prior to 2.20.0
Description: The CSC Pay Mobile App contains an issue that allows users to bypass payment authorization by disabling Bluetooth during a transaction. This bypass could lead to unauthorized use of...

5.4 CVSS · 7.1 AI score · 0.00207 EPSS
Exploits: 1 · References: 6

NVD
added 2025/03/19 4:15 p.m. · 6 views

CVE-2025-30152

The Sylius PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. Prior to 1.6.2, 1.7.2, and 2.0.2, a discovered vulnerability allows users to modify their shopping cart after completing the PayPal Checkout process and payment authorization. If a user initiates a PayPal...

6.5 CVSS · 0.00324 EPSS
Exploits: 0 · References: 2

Vulnrichment
added 2025/03/19 3:57 p.m. · 10 views

CVE-2025-30152 Sylius PayPal Plugin has an Order Manipulation Vulnerability after PayPal Checkout

The Sylius PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. Prior to 1.6.2, 1.7.2, and 2.0.2, a discovered vulnerability allows users to modify their shopping cart after completing the PayPal Checkout process and payment authorization. If a user initiates a PayPal...

6.5 CVSS · 6.2 AI score · 0.00324 EPSS
Exploits: 0 · References: 2

CVE
added 2025/03/19 3:57 p.m. · 64 views

CVE-2025-30152

CVE-2025-30152: The Sylius PayPal Plugin (for PayPal Commerce) has an order manipulation vulnerability after PayPal Checkout. Before versions 1.6.2, 1.7.2, and 2.0.2, a user can return to the order summary page and modify the cart contents, potentially causing the merchant to receive less paymen...

6.5 CVSS · 6.2 AI score · 0.00324 EPSS
Exploits: 0 · References: 2

HackRead
added 2024/03/29 2:18 p.m. · 17 views

Payment authorization and one-time passwords – Mobile Token

By Uzair Amir. Isn't it shocking that people still use passwords like QWERTY12, 1234, or pet names for their online accounts?… This is a post from HackRead.com. Read the original post: Payment authorization and one-time passwords – Mobile Token...

7.3 AI score
Exploits: 0

NVD
added 2022/11/21 11:15 a.m. · 9 views

CVE-2022-0421

The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the payment status of arbitrary bookings. Furthermore, due to the lack of sanitisation and escaping,...

6.1 CVSS · 0.01037 EPSS
Exploits: 1 · References: 1

Schneier on Security
added 2017/05/12 11:0 a.m. · 22 views

Stealing Voice Prints

This article feels like hyperbole: The scam has arrived in Australia after being used in the United States and Britain. The scammer may ask several times "can you hear me?", to which people would usually reply "yes." The scammer is then believed to record the "yes" response and end the call. That...

6.9 AI score
Exploits: 0

ThreatPost
added 2014/12/10 10:3 a.m. · 12 views

CHARGE Anywhere Breached, Plain Text Data Accessed

CHARGE Anywhere, a New Jersey-based developer of payment gateway and mobile payment applications, on Tuesday disclosed that it had been breached and that hackers had access to transactions leaving its network, perhaps going back as far as 2009. Most of the traffic was encrypted, the company said ...

0.2 AI score
Exploits: 0 · References: 6