24 matches found
EUVD-2026-34996
A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...
CVE-2026-11465
A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...
CVE-2026-11465 songquanpeng one-api Redemption Code Top-Up Endpoint redemption.go Redeem logic error
A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...
CVE-2026-11465
CVE-2026-11465 affects songquanpeng’s one-api (up to 0.6.11-preview.7). The issue is in the Redemption Code Top-Up Endpoint, specifically the function Redeem in file model/redemption.go, where manipulation leads to business logic errors. Reported as exploitable remotely with high complexity and l...
PT-2026-47196
A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...
New API SQL Injection Vulnerability
The New API is an interface software developed by QuantumNous. Versions of the New API prior to 0.12.1 have a SQL injection vulnerability. This vulnerability originates from the SearchUserTopUps/SearchAllTopUps function in the model/topup.go file of the self Endpoint component, which may lead to...
EUVD-2022-46362
Malicious code in bioql PyPI...
CVE-2022-43323
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module...
CVE-2022-43323
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module...
CVE-2022-43323
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module...
CVE-2022-43323
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module...
PT-2022-26848 · Eyoucms · Eyoucms
Name of the Vulnerable Software and Affected Versions: EyouCMS version 1.5.9-UTF8-SP1. Description: A Cross-Site Request Forgery (CSRF) issue was discovered in the Top Up Balance component under the Edit Member module. This allows for malicious requests to be made without the user's knowledge or...
EyouCms Cross-Site Request Forgery Vulnerability
Zanzan Network Technology EyouCms (Eyou CMS) is an open source content management system (CMS) based on ThinkPHP by China's Zanzan Network Technology. A security vulnerability exists in EyouCms version V1.5.9-UTF8-SP1, which originates from the Top Up Balance component of its Edit Member module that...
CVE-2022-43323
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module...
CVE-2022-43323
CVE-2022-43323 affects EyouCMS version 1.5.9-UTF8-SP1. The issue is a Cross-Site Request Forgery (CSRF) in the Top Up Balance component within the Edit Member module. Root cause detail is CSRF in the specific Top Up Balance functionality; exploitation details are not elaborated beyond the CSRF la...
Customers cannot be topUp()ed a second time
Lines of code Vulnerability details OpenZeppelin's safeApprove will revert if the account already is approved and the new safeApprove is done with a non-zero value function safeApprove IERC20 token, address spender, uint256 value internal // safeApprove should only be called when setting an initi...
USDT has a fake top-up vulnerability
USDT is a token based on P2P transactions. The vulnerability stems from a flaw in the logic used by exchanges to confirm the success of a USDT top-up transaction by not checking the value of the valid field in the transaction details on the blockchain to see if it is true, resulting in a "fake...
Razer: Blind SQL Injection (Time Based Payload) in https://www.easytopup.in.th/store/game/digimon-master via CheckuserForm[user_id]
The tester determined the Top Up site for Razer Gold TH suffered from a blind SQL injection vulnerability due to lack of input sanitization. Razer thanks the tester for his clear PoC and working with us to resolve the issue...
Payment Design Vulnerabilities in the Top-Up Function Module of EZZY APP Android Version
EZZY APP is a car intelligent sharing platform APP created by Beijing Daimeng Technology Co. There is a payment design vulnerability in the recharge function module of EZZY APP Android version. After logging into the system, an attacker can modify the amount in the payment packet by catching the...
Huacheng Gas Group Android APP has design flaws
Huacheng Gas Group Android APP is a client application that provides users with integrated management of remote meter reading and online bill payment. There is a design vulnerability in the verification code of Huacheng Gas Group Android APP. An attacker can use the vulnerability to reset any...