2173 matches found
WordPress plugin WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More 数据伪造问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2026-8608
The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 2.1.0. This is due to the capturepayment AJAX handler registered via wpajaxnoprivemcapturepayment trusting...
CVE-2026-8608 Event Monster <= 2.1.0 - Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass via em_capture_payment AJAX Action
The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 2.1.0. This is due to the capturepayment AJAX handler registered via wpajaxnoprivemcapturepayment trusting...
CVE-2026-32270
Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, the PaymentsController::actionPay discloses some order data to unauthenticated users when an order number is provided and the email check fails during an anonymous payment. The JSON...
CVE-2026-47745
Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, the admin tables for PaymentMethods, Currencies and Carriers exposed inline toggles and per-record actions enable, disable, edit, delete that were rendered for any authenticated panel user without checking the corresponding per-action...
CVE-2026-46818
Vulnerability in the Oracle Payments product of Oracle E-Business Suite component: File Transmission. Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Payments. Successful...
CVE-2026-46817
Vulnerability in the Oracle Payments product of Oracle E-Business Suite component: File Transmission. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments. Successful...
Chromium: CVE-2026-11245 Inappropriate implementation in Payments
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2026-11001 Incorrect security UI in Payments
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
EUVD-2026-34706
Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-34609
Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
EUVD-2026-34468
Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform domain spoofing via a crafted HTML page. Chromium security severity: Medium...
EUVD-2026-34450
Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
DEBIAN-CVE-2026-11245
Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2026-11245
Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
PT-2026-47070
Name of the Vulnerable Software and Affected Versions The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress versions prior to 2.1.1 Description The software is affected by Insufficient Verification of Data Authenticity. The capture payment AJAX handler, registered vi...
Oracle E-Business Suite (May 2026 CSPU)
The versions of Oracle E-Business Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the May 2026 CSPU advisory. - Vulnerability in the Oracle iAssets product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected...
Linux Distros Unpatched Vulnerability : CVE-2026-11245
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page...
CVE-2026-11148
Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
DEBIAN-CVE-2026-11148
Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...