Lucene search
K

2173 matches found

CNNVD
CNNVD
added 2026/06/06 12:0 a.m.10 views

WordPress plugin WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More 数据伪造问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.3CVSS5.4AI score0.00202EPSS
Exploits0References15
ATTACKERKB
ATTACKERKB
added 2026/06/05 11:28 p.m.8 views

CVE-2026-8608

The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 2.1.0. This is due to the capturepayment AJAX handler registered via wpajaxnoprivemcapturepayment trusting...

5.3CVSS5.6AI score0.00165EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/05 11:28 p.m.9 views

CVE-2026-8608 Event Monster <= 2.1.0 - Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass via em_capture_payment AJAX Action

The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 2.1.0. This is due to the capturepayment AJAX handler registered via wpajaxnoprivemcapturepayment trusting...

5.3CVSS5.6AI score0.00165EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.10 views

CVE-2026-32270

Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, the PaymentsController::actionPay discloses some order data to unauthenticated users when an order number is provided and the email check fails during an anonymous payment. The JSON...

6.3CVSS5.3AI score0.00295EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.9 views

CVE-2026-47745

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, the admin tables for PaymentMethods, Currencies and Carriers exposed inline toggles and per-record actions enable, disable, edit, delete that were rendered for any authenticated panel user without checking the corresponding per-action...

6.5CVSS5.5AI score0.00221EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.8 views

CVE-2026-46818

Vulnerability in the Oracle Payments product of Oracle E-Business Suite component: File Transmission. Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Payments. Successful...

7.4CVSS5.5AI score0.00261EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.11 views

CVE-2026-46817

Vulnerability in the Oracle Payments product of Oracle E-Business Suite component: File Transmission. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments. Successful...

9.8CVSS5.5AI score0.00677EPSS
Exploits2References1
Microsoft CVE
Microsoft CVE
added 2026/06/05 2:0 p.m.13 views

Chromium: CVE-2026-11245 Inappropriate implementation in Payments

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

4.3CVSS5.4AI score0.00176EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/05 2:0 p.m.10 views

Chromium: CVE-2026-11001 Incorrect security UI in Payments

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

6.5CVSS5.4AI score0.00217EPSS
Exploits0
EUVD
EUVD
added 2026/06/05 12:31 a.m.10 views

EUVD-2026-34706

Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00176EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/05 12:31 a.m.10 views

EUVD-2026-34609

Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00137EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/05 12:31 a.m.8 views

EUVD-2026-34468

Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform domain spoofing via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00262EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/05 12:31 a.m.9 views

EUVD-2026-34450

Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00217EPSS
Exploits0References3
OSV
OSV
added 2026/06/05 12:17 a.m.4 views

DEBIAN-CVE-2026-11245

Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.5AI score0.00176EPSS
Exploits0References1
NVD
NVD
added 2026/06/05 12:17 a.m.9 views

CVE-2026-11245

Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS0.00176EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.16 views

PT-2026-47070

Name of the Vulnerable Software and Affected Versions The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress versions prior to 2.1.1 Description The software is affected by Insufficient Verification of Data Authenticity. The capture payment AJAX handler, registered vi...

5.3CVSS5.6AI score0.00165EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.26 views

Oracle E-Business Suite (May 2026 CSPU)

The versions of Oracle E-Business Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the May 2026 CSPU advisory. - Vulnerability in the Oracle iAssets product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected...

9.9CVSS5.8AI score0.00677EPSS
Exploits2References13
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-11245

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page...

4.3CVSS5.4AI score0.00176EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 11:17 p.m.6 views

CVE-2026-11148

Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS0.00137EPSS
Exploits0References2
OSV
OSV
added 2026/06/04 11:17 p.m.5 views

DEBIAN-CVE-2026-11148

Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.5AI score0.00137EPSS
Exploits0References1
Rows per page
Query Builder