One million customers on alert as extortion group claims massive Brightspeed data haul
US fiber broadband company Brightspeed is investigating claims by the Crimson Collective extortion group that it stole sensitive data belonging to more than 1 million residential customers, including extensive personally identifiable information (PII), as well as account and billing details...
EUVD-2025-30793
Malicious code in bioql PyPI...
CVE-2025-55886
An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ARD. The flaw exists in the feuid parameter of the payment history API endpoint. An authenticated attacker can manipulate this parameter to access the payment history of other users without authorization...
CVE-2025-55886
CVE-2025-55886 concerns ARD. Affected component is the payment history API endpoint where the fe_uid parameter is used to fetch a user’s payment history. The underlying issue is an Insecure Direct Object Reference (IDOR) allowing an authenticated attacker to manipulate fe_uid to access other user...
ARD GEC en Ligne security vulnerability
ARD GEC en Ligne is an online service portal of ARD France. A security vulnerability exists in ARD GEC en Ligne that stems from an insecure direct object reference to the feuid parameter in the payment history API endpoint, which could lead to unauthorized access to another user's payment history...
PT-2025-38757
Name of the Vulnerable Software and Affected Versions: ARD (affected versions not specified) Description: An Insecure Direct Object Reference (IDOR) vulnerability exists in ARD. The flaw is located in the fe_uid parameter of the payment history API endpoint. An authenticated attacker can manipulate thi...
CVE-2022-2387
The Easy Digital Downloads WordPress plugin before 3.0 does not have a CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged-in admin delete an arbitrary post via a CSRF attack...
CVE-2022-30512
School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/paymenthistory.php:31...
CVE-2025-22209
A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search feature...
PT-2025-6942 · Joomla · Js Jobs
Name of the Vulnerable Software and Affected Versions: JS Jobs plugin versions 1.1.5 through 1.4.3 for Joomla Description: A SQL injection issue allows authenticated attackers, with administrator privileges, to execute arbitrary SQL commands via the searchpaymentstatus parameter in the Employer...
CVE-2024-5109
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view/studentpaymenthistory.php. The manipulation of the argument index leads to SQL injection. The attack...
Complete Web-Based School Management System SQL injection vulnerability
Campcodes Complete Web-Based School Management System is a Web-based school management system from Campcodes, Inc. A SQL injection vulnerability exists in Campcodes Complete Web-Based School Management System version 1.0, which originates from an unknown function in /view/student...
PT-2024-34520 · Unknown · Campcodes Complete Web-Based School Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Complete Web-Based School Management System version 1.0 Description: A critical issue has been found in the system, affecting an unknown functionality of the file /view/studentpaymenthistory.php. The manipulation of the index...
Cross-site request forgery (CSRF)
The Easy Digital Downloads WordPress plugin before 3.0 does not have a CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged-in admin delete an arbitrary post via a CSRF attack...
PT-2022-16302 · WordPress · Easy Digital Downloads
Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads WordPress plugin versions prior to 3.0 Description: The issue arises from the lack of a CSRF check when deleting payment history, and the failure to verify that the post to be deleted is actually a payment history. This...