18 matches found
PT-2026-36099
Name of the Vulnerable Software and Affected Versions: Otter Blocks versions prior to 3.1.5. Description: The plugin is subject to a purchase verification bypass. The get customer data method relies on an unsigned o stripe data cookie to determine product ownership for unauthenticated users...
CVE-2026-33073
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the discourse-subscriptions plugin leaks stripe API keys across sites in a multisite cluster resulting in the potential fo...
CVE-2026-4549 mickasmt next-saas-stripe-starter Stripe API open-customer-portal.ts openCustomerPortal authorization
A flaw has been found in mickasmt next-saas-stripe-starter 1.0.0. Affected by this issue is the function openCustomerPortal of the file actions/open-customer-portal.ts of the component Stripe API. This manipulation causes authorization bypass. Remote exploitation of the attack is possible. The...
CVE-2026-4549
A flaw has been found in mickasmt next-saas-stripe-starter 1.0.0. Affected by this issue is the function openCustomerPortal of the file actions/open-customer-portal.ts of the component Stripe API. This manipulation causes authorization bypass. Remote exploitation of the attack is possible. The...
EUVD-2018-10957
Malware in sbrugna...
EUVD-2023-40747
Malicious code in bioql PyPI...
Hackers Exploit Stripe API for Web Skimming Card Theft on Online Stores
Cybersecurity researchers at Jscrambler have uncovered a sophisticated web-skimming campaign targeting online retailers. The campaign utilizes a legacy…...
Legacy Stripe API Exploited to Validate Stolen Payment Cards in Web Skimmer Campaign
Threat hunters are warning of a sophisticated web skimmer campaign that leverages a legacy application programming interface (API) from payment processor Stripe to validate stolen payment information prior to exfiltration. "This tactic ensures that only valid card data is sent to the attackers,...
MAL-2024-4664 Malicious code in Stripe.АРI (NuGet)
Mozilla: paypal client_id And stripe api key indexed on web archive
The PayPal client_id and Stripe API key have been indexed on the web archive, exposing sensitive data...
CVE-2023-36817
In CVE-2023-36817, the repository tktchurch/website (The King’s Temple Church website) version 0.1.0 exposed a Stripe API key in public code. The root cause is sensitive credentials accidentally committed to the codebase, enabling potential unauthorized financial transactions and access to custom...
CVE-2023-36817 The King's Temple Church website Leaked Stripe API Key in Public Code Repository
tktchurch/website contains the codebase for The King's Temple Church website. In version 0.1.0, a Stripe API key was found in the public code repository of the church's project. This sensitive information was unintentionally committed and subsequently exposed in the codebase. If an unauthorized...
Stripe API Access Restriction Bypass Vulnerability
Stripe is a set of online payment platforms from Stripe Inc. in the U.S. Stripe API is one of its application programming interfaces. An access restriction bypass vulnerability exists in Stripe API version 1, which can be exploited by remote attackers to bypass access restrictions...
CVE-2018-19249
The Stripe API v1 allows remote attackers to bypass intended access restrictions by replaying api.stripe.com /v1/tokens XMLHttpRequest data, parsing the response under the object card, and reading the cvc_check information if the creation is successful without charging the actual card used in the...
Information disclosure
The Stripe API v1 allows remote attackers to bypass intended access restrictions by replaying api.stripe.com /v1/tokens XMLHttpRequest data, parsing the response under the object card, and reading the cvc_check information if the creation is successful without charging the actual card used in the...