11 matches found

CNNVD
added 2026/03/31 12:0 a.m., 9 views

mppx security vulnerability

MPPX is a blockchain-based payment protocol SDK developed by Wevm. Versions of MPPX prior to 0.4.11 contained security vulnerabilities. These vulnerabilities stemmed from the stripe/charge payment method not checking Stripe’s Idempotent-Replayed response header, which could allow attackers to...

8.1 CVSS, 5.8 AI score, 0.00494 EPSS
Exploits: 0, References: 3

NVD
added 2026/03/26 10:16 p.m., 6 views

CVE-2026-33661

Pay is an open-source payment SDK extension package for various Chinese payment services. Prior to version 3.7.20, the verifywechatsign function in src/Functions.php unconditionally skips all signature verification when the PSR-7 request reports localhost as the host. An attacker can exploit this...

8.6 CVSS, 0.00503 EPSS
Exploits: 1, References: 3

OSSF Malicious Packages
added 2026/03/22 6:11 p.m., 6 views

Malicious code in @emilgroup/payment-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f542634a5cc2ab40aeafc714c61c2d4dff67459d127e423f535812ac1b05b60 The package @emilgroup/payment-sdk was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits: 0, References: 4

OSV
added 2026/03/22 6:10 p.m., 2 views

MAL-2026-2057 Malicious code in @emilgroup/payment-sdk-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83fcb6922c65850eff14baf7a463c2b14b358ffebdc5a15c312ec7328a142407 The package @emilgroup/payment-sdk-node was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits: 0, References: 4

Snyk
added 2026/03/20 10:0 p.m., 3 views

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise, and malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 2

Snyk
added 2026/03/20 10:0 p.m., 4 views

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise, and malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 2

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 2 views

Malicious code in paymaya-payment-js-sdk (npm)

The package paymaya-payment-js-sdk was found to contain malicious code...

7 AI score
Exploits: 0

OSV
added 2025/08/14 6:52 p.m., 2 views

MAL-2025-32787 Malicious code in schibsted-payment-sdk (npm)

The package schibsted-payment-sdk was found to contain malicious code...

7.2 AI score
Exploits: 0

OSV
added 2022/06/20 9:13 p.m., 7 views

MAL-2022-7374 Malicious code in zalopay-payment-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8f2446418ad41cf8aea6d5900977109ccc23b832966a0c1d481fadf1e6f63720 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0, References: 1

OSSF Malicious Packages
added 2022/06/20 9:13 p.m., 2 views

Malicious code in zalopay-payment-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8f2446418ad41cf8aea6d5900977109ccc23b832966a0c1d481fadf1e6f63720 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 1

RedHat Linux
added 2013/12/17 6:30 p.m., 3 views

jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name

It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows...

5.8 CVSS, 7.2 AI score, 0.09254 EPSS
Exploits: 0, References: 4