MAL-2026-2056 Malicious code in @emilgroup/payment-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f542634a5cc2ab40aeafc714c61c2d4dff67459d127e423f535812ac1b05b60 The package @emilgroup/payment-sdk was found to contain malicious code. Source: ghsa-malware...

CVE-2026-33346

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, a stored cross-site scripting XSS vulnerability in the patient portal payment flow allows a patient portal user to persist arbitrary JavaScript that executes in the browser o...

MAL-2026-345 Malicious code in private-payment-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 96c4346497d58e1d5eca5c47353d4491578827b6095eb0f62dc7ff4449c0758b The package private-payment-lib was found to contain malicious code. Source: ghsa-malware...

EUVD-2026-3261

Malicious code in private-payment-lib npm...

cn.bee-cloud:beecloud-service-wechat (>=6.1.12b <=6.2.09), cn.chiship.sdk:chiship-sdk-pay (>=1.1.4 <=2.7.1) +18 more potentially affected by CVE-2018-13439 via com.github.wxpay:wxpay-sdk (=0.0.3)

com.github.wxpay:wxpay-sdk MAVEN version =0.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on com.github.wxpay:wxpay-sdk and may be impacted: - cn.bee-cloud:beecloud-service-wechat =6.1.12b, =1.1.4, =4.20.0, =1.1.3, =0.1, =0.0.1.RELEASE,...

CVE-2020-23533

Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code MAC which is generated based on a secret key which is NULL...