50 matches found
CVE-2026-11575
The PhonePe Payment Solutions WordPress plugin before 3.1.0 does not properly verify the authenticity of incoming payment callbacks: the secret used to validate the callback signature is empty on sites configured through the current setup flow, so the expected signature reduces to an unkeyed hash...
CVE-2026-11575
The CVE concerns the PhonePe Payment Solutions WordPress plugin prior to version 3.1.0. The issue is that the plugin does not properly verify the authenticity of incoming payment callbacks because the secret used to validate the callback signature is empty on sites set up via the current flow. As...
WordPress PhonePe Payment Solutions <=1.0.15 - Server-Side Request Forgery
WordPress PhonePe Payment Solutions plugin through 1.0.15 is susceptible to server-side request forgery. An attacker can cause a website to execute website requests to an arbitrary domain, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized...
EUVD-2025-16246
Malicious code in bioql PyPI...
CVE-2025-5154
A vulnerability, which was classified as problematic, was found in PhonePe App 25.03.21.0 on Android. Affected is an unknown function of the file /data/data/com.phonepe.app/databases/ of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. Local access ...
CVE-2025-5154
A vulnerability, which was classified as problematic, was found in PhonePe App 25.03.21.0 on Android. Affected is an unknown function of the file /data/data/com.phonepe.app/databases/ of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. Local access ...
CVE-2025-5154
A vulnerability, which was classified as problematic, was found in PhonePe App 25.03.21.0 on Android. Affected is an unknown function of the file /data/data/com.phonepe.app/databases/ of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. Local access ...
CVE-2025-5154 PhonePe App SQLite Database databases cleartext storage in a file or on disk
A vulnerability, which was classified as problematic, was found in PhonePe App 25.03.21.0 on Android. Affected is an unknown function of the file /data/data/com.phonepe.app/databases/ of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. Local access ...
CVE-2025-5154 PhonePe App SQLite Database databases cleartext storage in a file or on disk
A vulnerability, which was classified as problematic, was found in PhonePe App 25.03.21.0 on Android. Affected is an unknown function of the file /data/data/com.phonepe.app/databases/ of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. Local access ...
CVE-2025-5154
The CVE-2025-5154 entry applies to the PhonePe App (Android) version 25.03.21.0. The vulnerability resides in the SQLite Database component, specifically within app-private data at /data/data/com.phonepe.app/databases/, where sensitive data is stored in plaintext. This cleartext storage allows a ...
PT-2025-22866 · Phonepe · Phonepe App
Name of the Vulnerable Software and Affected Versions: PhonePe App version 25.03.21.0 Description: A problematic issue was found in the PhonePe App, affecting an unknown function of the SQLite Database component. The issue leads to cleartext storage in a file or on disk, requiring local access fo...
PhonePe 安全漏洞
PhonePe is a digital wallet and online payment application from PhonePe India. A security vulnerability exists in PhonePe version 25.03.21.0, which stems from a plaintext storage issue in the file /data/data/com.phonepe.app/databases/...
CVE-2022-45835
Server-Side Request Forgery SSRF vulnerability in PhonePe PhonePe Payment Solutions.This issue affects PhonePe Payment Solutions: from n/a through 1.0.15...
Malicious code in phonepe-payment-capacitor-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c02a4bb7c5999768baf3318427f8aaffad151f7838f8bfdfee9ad952a24db492 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in phonepe-payment-capacitor (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5d01542a7b9d2f9074bacbba74137fca1ea6f0a5e3a4539037d83dc529ff4d44 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-12079 Malicious code in phonepe-payment-capacitor (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5d01542a7b9d2f9074bacbba74137fca1ea6f0a5e3a4539037d83dc529ff4d44 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
VulnCheck KEV: CVE-2022-45835
Server-Side Request Forgery SSRF vulnerability in PhonePe PhonePe Payment Solutions.This issue affects PhonePe Payment Solutions: from n/a through 1.0.15...
CVE-2022-45835
Server-Side Request Forgery SSRF vulnerability in PhonePe PhonePe Payment Solutions.This issue affects PhonePe Payment Solutions: from n/a through 1.0.15...
CVE-2022-45835
Server-Side Request Forgery SSRF vulnerability in PhonePe PhonePe Payment Solutions.This issue affects PhonePe Payment Solutions: from n/a through 1.0.15...
Server side request forgery (ssrf)
Server-Side Request Forgery SSRF vulnerability in PhonePe PhonePe Payment Solutions.This issue affects PhonePe Payment Solutions: from n/a through 1.0.15...