2 matches found
CVE-2026-48799
CVE-2026-48799 - Postiz : An unauthenticated Nowpayments IPN callback verification flaw allows a low-privilege attacker to read the target subscription ID from the untrusted request body and grant lifetime PRO subscriptions to arbitrary organizations. Root cause: missing IPN authenticity verifica...
New Relic: Ability to buy PRO subscriptions by arbitrary reduced prices
Hey team, I've found that a malicious user can buy PRO subscriptions by arbitrarily reduced prices. Steps to reproduce 0 Make sure you have an account without subscriptions at APM PRO bought. If you don't – register a new one. It works for me inside the EU accounts at least. 1 Sign in this accoun...