11 matches found
mppx 安全漏洞
MPPX is a blockchain-based payment protocol SDK developed by Wevm. Versions of MPPX prior to 0.4.11 contained security vulnerabilities. These vulnerabilities stemmed from the stripe/charge payment method not checking Stripe’s Idempotent-Replayed response header, which could allow attackers to...
CVE-2026-33661
Pay is an open-source payment SDK extension package for various Chinese payment services. Prior to version 3.7.20, the verifywechatsign function in src/Functions.php unconditionally skips all signature verification when the PSR-7 request reports localhost as the host. An attacker can exploit this...
Malicious code in @emilgroup/payment-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f542634a5cc2ab40aeafc714c61c2d4dff67459d127e423f535812ac1b05b60 The package @emilgroup/payment-sdk was found to contain malicious code. Source: ghsa-malware...
MAL-2026-2057 Malicious code in @emilgroup/payment-sdk-node (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83fcb6922c65850eff14baf7a463c2b14b358ffebdc5a15c312ec7328a142407 The package @emilgroup/payment-sdk-node was found to contain malicious code. Source: ghsa-malware...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...
Malicious code in paymaya-payment-js-sdk (npm)
The package paymaya-payment-js-sdk was found to contain malicious code...
MAL-2025-32787 Malicious code in schibsted-payment-sdk (npm)
The package schibsted-payment-sdk was found to contain malicious code...
MAL-2022-7374 Malicious code in zalopay-payment-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8f2446418ad41cf8aea6d5900977109ccc23b832966a0c1d481fadf1e6f63720 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in zalopay-payment-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8f2446418ad41cf8aea6d5900977109ccc23b832966a0c1d481fadf1e6f63720 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name
It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...