CVE-2025-15147 WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.11.8 - Insecure Direct Object Reference to Update Membership Payment
The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.11.8 via the 'WCFMvmMembershipsPaymentController::processing' due to missing validation on a user controlled key...
EUVD-2024-0229
Malicious code in bioql PyPI...
EUVD-2025-7155
Malicious code in bioql PyPI...
PT-2025-10598 · Unknown · Information Kerala Mission Sanchaya
Name of the Vulnerable Software and Affected Versions: Information Kerala Mission SANCHAYA version 3.0.4 Description: The issue in the Property Tax Payment Portal of Information Kerala Mission SANCHAYA allows attackers to arbitrarily modify payment amounts via a crafted request. Recommendations:...
Information Kerala Mission SANCHAYA security vulnerability
Information Kerala Mission SANCHAYA is a web-based application of the Information Kerala Mission Government of India department through which citizens can check their tax dues. A security vulnerability exists in Information Kerala Mission SANCHAYA v3.0.4. An attacker can exploit the vulnerability...
CVE-2025-25382
An issue in the Property Tax Payment Portal in Information Kerala Mission SANCHAYA v3.0.4 allows attackers to arbitrarily modify payment amounts via a crafted request...
CVE-2024-22407 Broken Access Control order API in Shopware
Shopware is an open headless commerce platform. In the Shopware CMS, the state handler for orders fails to sufficiently verify user authorizations for actions that modify the payment, delivery, and/or order status. Due to this inadequate implementation, users lacking 'write' permissions for order...
CVE-2020-18416
A cross-site request forgery (CSRF) vulnerability discovered in Jymusic v2.0.0 allows attackers to execute arbitrary code via /admin.php?s=/addons/config.html&id=6 to modify payment information...
Jymusic cross-site request forgery vulnerability
Jymusic is a dtorp06 open source application. A security vulnerability exists in Jymusic version v2.0.0. An attacker exploited the vulnerability to execute arbitrary code via /admin.php?s=/addons/config.html&id=6 and modify payment information...
Mccms has a flawed logic vulnerability
Mccms is a comic + novel system developed using the Ci framework as its core. Mccms has a logic flaw vulnerability that can be exploited by attackers to modify the payment amount...
Sea Cormorant Technology hospital food ordering applet has a flawed logic vulnerability
Guangzhou Hai Cormorant Network Technology Co., Ltd. (referred to as Hai Cormorant Technology) was founded on May 19, 2014 and focuses on the healthcare industry; its main business includes the development and operation of intelligent mobile service platforms for WeChat Service Number, Alipay Life...
Logic flaw vulnerability exists in cmseasy (CNVD-2020-51413)
The EasTone enterprise website system (alias CmsEasy) is the only free enterprise marketing management platform combining WeChat + cell phone end + micro site + cell phone SMS + online sales + multi-language website. CmsEasy has a logic flaw vulnerability that can be exploited by attackers to modi...
5vshop e-commerce system has a logic flaw vulnerability
The 5vshop e-commerce system is a website-building system from Shijiazhuang Zhenghong Network Technology Co., Ltd. The 5vshop e-commerce system has a logic flaw vulnerability that attackers can use to arbitrarily modify the payment amount, resulting in economic losses...
Shijiazhuang City Zhenghong Network Technology Co., Ltd. Shop7z Online Shopping System Ultimate Edition has a logic flaw vulnerability
Shop7z online shopping system is ASP online store platform software that provides comprehensive application services based on Internet solutions. The Shop7z Online Shopping System Ultimate Edition from Shijiazhuang City Zhenghong Network Technology Co., Ltd. has a logic flaw vulnerability; an attacker c...
Logic flaw vulnerability exists in cmseasy (CNVD-2020-32605)
CmsEasy is a website content management system based on PHP+Mysql architecture and a PHP development platform. CmsEasy has a logic flaw vulnerability that can be exploited by attackers to modify payment amounts...
Leaf Node Weaknesses in Bitcoin Merkle Tree Designs
A Merkle tree is a kind of tree data structure used in computing. The vulnerability stems from certain weaknesses in the design of leaf nodes in a Merkle tree. An attacker can exploit this vulnerability to modify arbitrary payment amounts...
PHP Scripts Mall Auction website script input validation vulnerability
PHP Scripts Mall Auction website script is an online auction website system by PHP Scripts Mall India. An input validation vulnerability exists in PHP Scripts Mall Auction website script version 2.0.4, which can be exploited by an attacker to modify the amount of payment...
Multiple vulnerabilities in IdeaCMS v2.1.0 plug/user/index.asp page
The IdeaCMS website management system is a rapid site-building system developed by the three skin network technology limited company (the original day side of the network) for the ASP + Access/MSSQL environment. The IdeaCMS v2.1.0 plug/user/index.asp page has parallel override, logical design and SQL...