
19 matches found

CVE
added 2 days ago, 17 views

CVE-2026-3462

CVE-2026-3462 affects the Frisbii Pay plugin for WordPress (all versions up to 1.8.9). The vulnerability arises from missing capability checks on upload_csv and process_batch, enabling authenticated attackers with Subscriber-level access or higher to modify data by uploading arbitrary CSVs and ov...

CVSS 6.5, AI score 5.9, EPSS 0.00276
Exploits: 1, References: 5
EUVD
added 2026/05/12 9:31 a.m., 13 views

EUVD-2026-29394

The iPOSpays Gateways WC plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.3.7. This is due to the plugin exposing a REST API endpoint /wp-json/ipospays/v1/save_settings with 'permission_callback' set to '__return_true', which allows unauthenticated access...

CVSS 5.3, AI score 5.8, EPSS 0.00075
Exploits: 0, References: 8
NVD
added 2026/05/12 9:16 a.m., 8 views

CVE-2026-4663

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39608. Reason: This candidate is a reservation duplicate of CVE-2026-39608. Notes: All CVE users should reference CVE-2026-39608 instead of this candidate. All references and descriptions in this candidate have been...

EPSS 0.00075
Exploits: 0
CVE
added 2026/05/12 7:48 a.m., 15 views

CVE-2026-4663

The CVE-2026-4663 entry is linked to the WordPress payment plugin issue described by EUVD-2026-29394: the iPOSpays Gateways WC plugin for WordPress has a Missing Authorization vulnerability up to version 1.3.7. The root cause is a REST API endpoint exposed at /wp-json/ipospays/v1/save_settings wh...

AI score 5.8, EPSS 0.00075
Exploits: 0
Vulnrichment
added 2026/05/12 7:48 a.m., 8 views

CVE-2026-4663

...

AI score 5.8, EPSS 0.00075
Exploits: 0
RedhatCVE
added 2025/12/18 9:34 p.m., 7 views

CVE-2025-46288

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. An app may be able to access sensitive payment tokens...

CVSS 5.5, AI score 5.8, EPSS 0.00157
Exploits: 0, References: 1
NVD
added 2025/12/17 9:16 p.m., 12 views

CVE-2025-46288

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. An app may be able to access sensitive payment tokens...

CVSS 5.5, EPSS 0.00157
Exploits: 0, References: 4
OSV
added 2025/12/17 9:16 p.m., 3 views

CVE-2025-46288

A permissions issue was addressed with additional restrictions. This issue is fixed in visionOS 26.2, iOS 26.2 and iPadOS 26.2, watchOS 26.2, macOS Tahoe 26.2. An app may be able to access sensitive payment tokens...

CVSS 5.5, AI score 5.7
Exploits: 0, References: 4
CVE
added 2025/12/17 8:46 p.m., 8 views

CVE-2025-46288

The CVE affects Apple platforms (visionOS, iOS, iPadOS, watchOS, macOS Tahoe) with a permissions issue that could allow an app to access sensitive payment tokens. Root cause is insufficient privilege restrictions; the issue is fixed in visionOS 26.2, iOS 26.2, iPadOS 26.2, watchOS 26.2, and macOS...

CVSS 5.5, AI score 5.8, EPSS 0.00157
Exploits: 0, References: 4, Affected Software: 5
Cvelist
added 2025/12/17 8:46 p.m., 26 views

CVE-2025-46288

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. An app may be able to access sensitive payment tokens...

EPSS 0.00157
Exploits: 0, References: 4
Vulnrichment
added 2025/12/17 8:46 p.m., 4 views

CVE-2025-46288

A permissions issue was addressed with additional restrictions. This issue is fixed in visionOS 26.2, iOS 26.2 and iPadOS 26.2, watchOS 26.2, macOS Tahoe 26.2. An app may be able to access sensitive payment tokens...

AI score 5.7, EPSS 0.00157
Exploits: 0, References: 4
Apple
added 2025/12/12 12:0 a.m., 17 views

About the security content of macOS Tahoe 26.2

About the security content of macOS Tahoe 26.2. This document describes the security content of macOS Tahoe 26.2. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...

CVSS 9.8, AI score 7.3, EPSS 0.16212
Exploits: 2, References: 1, Affected Software: 1
Positive Technologies
added 2025/12/12 12:0 a.m., 5 views

PT-2025-51912

Name of the Vulnerable Software and Affected Versions: visionOS versions prior to 26.2; iOS versions prior to 26.2; iPadOS versions prior to 26.2; watchOS versions prior to 26.2; macOS versions prior to Tahoe 26.2. Description: An issue involving insufficient permissions restrictions was identified. Thi...

CVSS 5.5, AI score 6.2, EPSS 0.00157
Exploits: 0, References: 8
RedhatCVE
added 2025/11/13 9:8 a.m., 6 views

CVE-2025-12903

The Payment Plugins Braintree For WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wc-braintree/v1/3ds/vaulted_nonce REST API endpoint in all versions up to, and including, 3.2.78. This is due to the endpoint being registered with...

CVSS 7.5, AI score 5.3, EPSS 0.00401
Exploits: 0, References: 1
Cvelist
added 2025/11/12 8:28 a.m., 9 views

CVE-2025-12903 Payment Plugins Braintree For WooCommerce <= 3.2.78 - Missing Authorization to Payment Token Exposure and Transaction Fraud

The Payment Plugins Braintree For WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wc-braintree/v1/3ds/vaulted_nonce REST API endpoint in all versions up to, and including, 3.2.78. This is due to the endpoint being registered with...

CVSS 7.5, EPSS 0.00401
Exploits: 0, References: 6
CVE
added 2025/11/12 8:28 a.m., 27 views

CVE-2025-12903

The CVE-2025-12903 concerns the WordPress plugin Payment Plugins Braintree For WooCommerce. It affects all versions up to 3.2.78 and arises from a missing capability check on the REST endpoint wc-braintree/v1/3ds/vaulted_nonce, registered with permission_callback set to __return_true. This allows...

CVSS 7.5, AI score 4.9, EPSS 0.00401
Exploits: 0, References: 6
Code423n4
added 2021/08/11 12:0 a.m., 10 views

initialMarket always initialize the latest market

Handle: jonah1005. Vulnerability details. Impact: In the longshort contract's initializeMarket, while it should initialize according to the parameter marketIndex, it initializes latestMarket. This would break two markets, the market of marketIndex and the latest market. User's fund would get stuck at the...

AI score 6.9
Exploits: 0
The Hacker News
added 2020/05/19 4:2 p.m., 2 views

Brazil's Biggest Cosmetic Brand Natura Exposes Personal Details of Its Users

Brazil's biggest cosmetics company Natura accidentally left hundreds of gigabytes of its customers' personal and payment-related information publicly accessible online that could have been accessed by anyone without authentication. SafetyDetective researcher Anurag Sen last month discovered two...

AI score 5.8
Exploits: 0
Hacker One
added 2019/07/07 8:6 p.m., 12 views

Upserve : Payment method token being sent to 3rd party analytics service

Vulnerability Details: Payment Tokens can be re-used to link the Credit Card to Another User's Account. When Linking a Credit Card, a url with Paymentmethodtoken will be generated and then the user will be redirected to the generated url F523794. Then, a Request will be Made to orders.upserve.com t...

AI score 7.1
Exploits: 0