33 matches found
CVE-2026-6319
Use after free in Payments in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Medium...
Your Guide to PCI DSS 4.0.1 Web Application and API Controls with a Simplified Path to Compliance
Executive Summary: PCI DSS 4.0.1 compliance mandates stricter security controls for web applications and APIs. Key updates include maintaining an inventory of custom software (PCI 6.3.2) and managing payment page scripts to prevent skimming attacks (PCI 6.4.3). Organizations must also adopt risk-based...
nsKnox Launches Adaptive Payment Security™, Revolutionizing B2B Fraud Prevention by Solving the ‘Impossible Triangle’ of Speed, Certainty, and Effort
New York, New York, USA, 27th October 2025, CyberNewsWire...
EUVD-2024-2586
Malicious code in bioql PyPI...
CVE-2020-8818
An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefor...
SoK: Security of EMV Contactless Payment Systems
The widespread adoption of EMV (Europay, Mastercard, and Visa) contactless payment systems has greatly improved convenience for both users and merchants. However, this growth has also exposed significant security challenges. This SoK provides a comprehensive analysis of security vulnerabilities in...
CVE-2024-33973
SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Attendance' and 'YearLevel' in...
Number Withdrawn
RedSys 3DSecure is a payment security technology from RedSys, Spain, designed to improve the security of online transactions, especially during credit and debit card payments. This CVE number has been withdrawn...
Criminal IP Secures PCI DSS v4.0 Certification, Enhancing Payment Security with Top-Level Compliance
Torrance, United States / California, 4th September 2024, CyberNewsWire...
PCI DSS v4.0.1: Meeting New Client-Side Security Requirements
Learn how Akamai Client-Side Protection & Compliance helps organizations meet the latest payment security updates and clarifications outlined in PCI DSS v4.0.1...
What is the tokenization process and why it is so important?
By Owais Sultan. A large number of e-commerce payment platforms use effective payment gateway tools and effectively integrate them with an…
How to Avoid Black Friday Scams Online
'Tis the season for swindlers and hackers. Use these tips to spot frauds and keep your payment info secure...
Open Source SACCO Management System SQL Injection Vulnerability
Open Source SACCO Management System is an open source SACCO management system by individual developer Mayuri K. An SQL injection vulnerability exists in Open Source SACCO Management System v1.0, which originates from a security issue with the id parameter of...
Surge in Malicious QR Codes Sparks FBI Alert
Menus, event ticket sales, quick site access — QR codes have become a common way to interact as a result of the COVID-19 pandemic. But the smart little matrix bar codes are easily tampered with and can be used to direct victims to malicious sites, the FBI warned in an alert. QR codes are the...
Urban Company: Exposed data of credit card details to hacker or attacker.
NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to verify and then potentially issue a bounty, so be sure to take your time filling out the report! Name of Vulnerability:...
CVE-2021-21189
CVE-2021-21189 is a policy-enforcement vulnerability in the Chromium/Chromium-based browser payments component, allowing navigation/policy bypass via a crafted HTML page in versions prior to 89.0.4389.72. Public documents confirm the issue affects Chromium’s payments logic and that upstream fixes...
PT-2021-06: Lack of integrity checks of the MCC field
EMV used as a predecessor of mobile wallets does not require putting some mandatory fields as a cryptogram input. These fields are crucial for risk management steps, and their tampering can bypass payment restrictions. Alternatively, mobile wallets should send the information about the type of...
Demystifying two common misconceptions with e-commerce security
Online shopping has seen a dramatic increase in the months following the Covid-19 outbreak as more and more people opt out of visiting physical stores. Such a phenomenon does not go unnoticed or without additional consequences. During the same time period, we have seen an increase in the usual...
CVE-2019-9864
PHP Scripts Mall Amazon Affiliate Store 2.1.6 allows Parameter Tampering of the payment amount...