72 matches found

RedhatCVE
added 2026/02/28 1:55 a.m., 6 views

CVE-2026-25741

Zulip is an open-source team collaboration tool. Prior to commit bf28c82dc9b1f630fa8e9106358771b20a0040f7, the API endpoint for creating a card update session during an upgrade flow was accessible to users with only organization member privileges. When the associated Stripe Checkout session is...

CVSS 7.1 | AI score 5.8 | EPSS 0.00275
Exploits: 0 | References: 1

NVD
added 2026/02/26 10:20 p.m., 9 views

CVE-2026-25741

Zulip is an open-source team collaboration tool. Prior to commit bf28c82dc9b1f630fa8e9106358771b20a0040f7, the API endpoint for creating a card update session during an upgrade flow was accessible to users with only organization member privileges. When the associated Stripe Checkout session is...

CVSS 7.1 | EPSS 0.00275
Exploits: 0 | References: 2

ATTACKERKB
added 2026/02/26 9:44 p.m., 2 views

CVE-2026-25741

Zulip is an open-source team collaboration tool. Prior to commit bf28c82dc9b1f630fa8e9106358771b20a0040f7, the API endpoint for creating a card update session during an upgrade flow was accessible to users with only organization member privileges. When the associated Stripe Checkout session is...

CVSS 7.1 | AI score 5.7 | EPSS 0.00275
Exploits: 0 | References: 3

Vulnrichment
added 2026/02/26 9:44 p.m., 2 views

CVE-2026-25741 Zulip Vulnerable to Modification of Payment Method (Stripe Default Card) by Non-Billing Users

Zulip is an open-source team collaboration tool. Prior to commit bf28c82dc9b1f630fa8e9106358771b20a0040f7, the API endpoint for creating a card update session during an upgrade flow was accessible to users with only organization member privileges. When the associated Stripe Checkout session is...

CVSS 7.1 | AI score 5.8 | EPSS 0.00275
Exploits: 0 | References: 2

EUVD
added 2026/02/26 9:44 p.m., 5 views

EUVD-2026-8893

Zulip is an open-source team collaboration tool. Prior to commit bf28c82dc9b1f630fa8e9106358771b20a0040f7, the API endpoint for creating a card update session during an upgrade flow was accessible to users with only organization member privileges. When the associated Stripe Checkout session is...

CVSS 7.1 | AI score 5.4 | EPSS 0.00275
Exploits: 0 | References: 2

OSV
added 2026/02/26 9:44 p.m., 6 views

CVE-2026-25741 Zulip Vulnerable to Modification of Payment Method (Stripe Default Card) by Non-Billing Users

Zulip is an open-source team collaboration tool. Prior to commit bf28c82dc9b1f630fa8e9106358771b20a0040f7, the API endpoint for creating a card update session during an upgrade flow was accessible to users with only organization member privileges. When the associated Stripe Checkout session is...

CVSS 7.1 | AI score 5.8 | EPSS 0.00275
Exploits: 0 | References: 4

CVE
added 2026/02/26 9:44 p.m., 17 views

CVE-2026-25741

Zulip CVE-2026-25741 affects the Zulip Cloud payment processing flow. Before commit bf28c82dc9b1f630fa8e9106358771b20a0040f7, the API endpoint for creating a card update session during an upgrade flow was accessible to users with only organization member privileges. When the associated Stripe Che...

CVSS 7.1 | AI score 5.4 | EPSS 0.00275
Exploits: 0 | References: 2

Cvelist
added 2026/02/26 9:44 p.m., 19 views

CVE-2026-25741 Zulip Vulnerable to Modification of Payment Method (Stripe Default Card) by Non-Billing Users

Zulip is an open-source team collaboration tool. Prior to commit bf28c82dc9b1f630fa8e9106358771b20a0040f7, the API endpoint for creating a card update session during an upgrade flow was accessible to users with only organization member privileges. When the associated Stripe Checkout session is...

CVSS 7.1 | EPSS 0.00275
Exploits: 0 | References: 2

Positive Technologies
added 2026/02/26 12:0 a.m., 6 views

PT-2026-22199

Name of the Vulnerable Software and Affected Versions: Zulip versions prior to commit bf28c82dc9b1f630fa8e9106358771b20a0040f7. Description: Zulip is a team collaboration tool. A flaw existed in the API endpoint used for creating a card update session during an upgrade process, allowing users with...

CVSS 7.1 | AI score 5.9 | EPSS 0.00275
Exploits: 0 | References: 7

NVD
added 2025/11/12 9:15 a.m., 5 views

CVE-2025-12903

The Payment Plugins Braintree For WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wc-braintree/v1/3ds/vaultednonce REST API endpoint in all versions up to, and including, 3.2.78. This is due to the endpoint being registered with...

CVSS 7.5 | EPSS 0.0041
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2021-10288

Malware in sbrugna...

CVSS 7.5 | AI score 8 | EPSS 0.00563
Exploits: 0 | References: 3

RedhatCVE
added 2025/05/22 7:17 p.m., 10 views

CVE-2021-23178

Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows attackers to validate online payments with a tokenized payment method that belongs to another user, causing the victim's payment method to be charged instead...

CVSS 7.5 | AI score 6.7 | EPSS 0.00563
Exploits: 0 | References: 1

Malwarebytes
added 2024/08/22 3:58 p.m., 15 views

Hundreds of online stores hacked in new campaign

Whenever you shop online and enter your payment details, you could be at risk of being a victim of fraud. Digital skimmers are snippets of code that have been injected into online stores and they can steal your credit card number, expiration date and CVV/CVC as you type it in. We recently detecte...

AI score 7.2
Exploits: 0

OSV
added 2024/03/06 11:1 a.m., 18 views

BIT-ODOO-2021-23178

Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows attackers to validate online payments with a tokenized payment method that belongs to another user, causing the victim's payment method to be charged instead...

CVSS 7.5 | AI score 7.4 | EPSS 0.00563
Exploits: 0 | References: 3

wpexploit
added 2023/08/23 12:0 a.m., 148 views

Leyka < 3.30.4 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup). Note: The issue was reported to the...

CVSS 4.8 | AI score 4.8 | EPSS 0.00379
Exploits: 2

Veracode
added 2023/07/22 9:44 a.m., 20 views

Improper Access Control

odoo is vulnerable to Improper Access Control. The vulnerability allows an attacker to validate online payments with a tokenized payment method that belongs to another user, causing the victim's payment method to be charged instead...

CVSS 7.5 | AI score 6.7 | EPSS 0.00563
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2023/04/25 7:15 p.m., 2 views

DEBIAN-CVE-2021-23178

Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows attackers to validate online payments with a tokenized payment method that belongs to another user, causing the victim's payment method to be charged instead...

CVSS 7.5 | AI score 7.5 | EPSS 0.00563
Exploits: 0 | References: 1

NVD
added 2023/04/25 7:15 p.m., 16 views

CVE-2021-23178

Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows attackers to validate online payments with a tokenized payment method that belongs to another user, causing the victim's payment method to be charged instead...

CVSS 7.5 | AI score 7.6 | EPSS 0.00563
Exploits: 0 | References: 2

Prion
added 2023/04/25 7:15 p.m., 15 views

Improper access control

Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows attackers to validate online payments with a tokenized payment method that belongs to another user, causing the victim's payment method to be charged instead...

CVSS 5 | AI score 7.5 | EPSS 0.00563
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2023/04/25 7:15 p.m., 3 views

UBUNTU-CVE-2021-23178

Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows attackers to validate online payments with a tokenized payment method that belongs to another user, causing the victim's payment method to be charged instead...

CVSS 7.5 | AI score 7.2 | EPSS 0.00563
Exploits: 0 | References: 3