CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

94 matches found

CVE-2026-47696

WWBN AVideo is an open source video platform. In 29.0 and earlier, plugin/AuthorizeNet/processPayment.json.php credits the logged-in user's wallet based only on the attacker-controlled amount POST parameter. The endpoint contains a TODO for real Authorize.Net charging, hardcodes $paymentSuccess =...

7.1CVSS5.9AI score0.00018EPSS

Exploits1References2Affected Software1

CVE•added 2026/05/02 11:16 a.m.•11 views

CVE-2026-4100

The CVE concerns the Paid Memberships Pro plugin for WordPress, affecting all versions up to 3.6.5. The root cause is missing capability checks on three AJAX handlers: wp_ajax_pmpro_stripe_create_webhook, wp_ajax_pmpro_stripe_delete_webhook, and wp_ajax_pmpro_stripe_rebuild_webhook. This allows a...

7.1CVSS5.8AI score0.00047EPSS

Exploits0References2

Vulnrichment•added 2026/05/02 11:16 a.m.•1 views

CVE-2026-4100 Paid Memberships Pro <= 3.6.5 - Missing Authorization to Authenticated (Subscriber+) Stripe Webhook Deletion and Payment Processing Disruption

The Paid Memberships Pro plugin for WordPress is vulnerable to unauthorized modification and disruption of Stripe webhook configuration in all versions up to, and including, 3.6.5. This is due to missing capability checks on the wpajaxpmprostripecreatewebhook, wpajaxpmprostripedeletewebhook, and...

7.1CVSS5.8AI score0.00047EPSS

Exploits0References2

Snyk•added 2026/03/07 2:37 a.m.•2 views

Improper Authentication

Overview @x402/svm is a x402 Payment Protocol SVM Implementation Affected versions of this package are vulnerable to Improper Authentication in facilitator payment processing on Solana. An attacker can interfere with or manipulate payment transactions by exploiting a race condition. Remediation...

6CVSS5.8AI score

Exploits0References2

ATTACKERKB•added 2026/02/26 9:44 p.m.•1 views

CVE-2026-25741

Zulip is an open-source team collaboration tool. Prior to commit bf28c82dc9b1f630fa8e9106358771b20a0040f7, the API endpoint for creating a card update session during an upgrade flow was accessible to users with only organization member privileges. When the associated Stripe Checkout session is...

7.1CVSS5.7AI score0.00018EPSS

Exploits0References3

RedhatCVE•added 2026/01/09 12:16 p.m.•5 views

CVE-2018-1000669

KOHA Library System version 16.11.x up until 16.11.13 and 17.05.x up until 17.05.05 contains a Cross Site Request Forgery CSRF vulnerability in /cgi-bin/koha/members/paycollect.pl Parameters affected: borrowernumber, amount, amountoutstanding, paid that can result in Attackers can mark payments a...

8.8CVSS7.2AI score0.00136EPSS

Exploits1References1

CVE•added 2025/12/13 5:42 a.m.•11 views

CVE-2025-12362

CVE-2025-12362 affects the WordPress plugin myCred – Points Management System (

5.3CVSS5.7AI score0.00106EPSS

Exploits0References3

Positive Technologies•added 2025/12/13 12:0 a.m.•1 views

PT-2025-51087

The myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.9.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This mak...

5.3CVSS6AI score0.00106EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-1876

Malware in sbrugna...

7.5CVSS7.6AI score0.00344EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-11656