Marginal 安全漏洞

Marginal is an asset trading platform developed by Marginal OpenSource. There is a security vulnerability in Marginal, which stems from the execution of insecure downcasting operations. This vulnerability could allow attackers to settle large debt positions at a negligible cost for assets...

CVE-2025-55306

GenXFX is an advance IA trading platform that will focus on forex trading. A vulnerability was identified in the GenX FX backend where API keys and authentication tokens may be exposed if environment variables are misconfigured. Unauthorized users could gain access to cloud resources Google Cloud...

Police Shut Down Fake Trading Platform That Scammed Hundreds

Police in Europe have shut down a fake online trading platform that scammed hundreds of victims out of…...

Germany Shuts Down eXch Over $1.9B Laundering, Seizes €34M in Crypto and 8TB of Data

Germany's Federal Criminal Police Office aka Bundeskriminalamt or BKA has seized the online infrastructure and shutdown linked to the eXch cryptocurrency exchange over allegations of money laundering and operating a criminal trading platform. The operation was carried out on April 30, 2025,...

CVE-2025-26523

This vulnerability exists in RupeeWeb trading platform due to insufficient authorization controls on certain API endpoints handling addition and deletion operations. Successful exploitation of this vulnerability could allow an authenticated remote attacker to modify information belonging to other...

CVE-2025-26522

This vulnerability exists in RupeeWeb trading platform due to improper implementation of OTP validation mechanism in certain API endpoints. A remote attacker with valid credentials could exploit this vulnerability by manipulating API responses. Successful exploitation of this vulnerability could...

CVE-2025-26524 No Rate Limiting Vulnerability in RupeeWeb trading platform

This vulnerability exists in RupeeWeb trading platform due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoints which could lead to the OTP bombing/...

CVE-2025-26522

The CVE-2025-26522 entry describes a flaw in the RupeeWeb trading platform where OTP validation is improperly implemented in certain API endpoints. The vulnerability can be exploited by a remote attacker who has valid credentials to manipulate API responses, potentially bypassing Two-Factor Authe...

Rupeeseed RupeeWeb 安全漏洞

Rupeeseed RupeeWeb is a state-of-the-art web-based trading platform from Rupeeseed India. Rupeeseed RupeeWeb suffers from a security vulnerability that stems from a flaw in the OTP authentication mechanism that allows bypassing two-factor authentication...

PT-2025-7178 · Rupeeweb · Rupeeweb

Name of the Vulnerable Software and Affected Versions: RupeeWeb trading platform affected versions not specified Description: The issue is caused by missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this by sending multiple OTP requests...

Digital Asset Trading Platform UEEx Strengthens Digital Asset Security with New Protection Policy

UEEx enhances user security with new compensation policies addressing abnormal market volatility and asset protection. Users can now…...

CVE-2024-45588

This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1P160 due to improper access controls on APIs in the Preference module of the application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lea...

CVE-2024-45586

This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms version 2.0.0.1P160. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which coul...

CVE-2024-45588 Information Disclosure Vulnerability

This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1P160 due to improper access controls on APIs in the Preference module of the application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lea...

CVE-2024-45587 Unauthorized Modification Vulnerability

This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1P160 due to improper access controls on APIs in the Transaction module of vulnerable application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which...

PT-2024-31690 · Unknown · Symphony Xts Web Trading Platform

Name of the Vulnerable Software and Affected Versions: Symphony XTS Web Trading platform version 2.0.0.1 P160 Description: This issue exists due to improper access controls on APIs in the Transaction module of the vulnerable application. An authenticated remote attacker could exploit this by...

WhatsApp cryptocurrency scam goes for the cash prize

This weekend a scammer tried his luck by reaching out to me on WhatsApp. It’s not that I don’t appreciate it, but trust me, it’s bad for your business. I received one message from a number hailing from the Togolese Republic. WhatsApp message from an unknow sender “Jay, your financial account has...

CVE-2023-35163

Vega is a decentralized trading platform that allows pseudo-anonymous trading of derivatives on a blockchain. Prior to version 0.71.6, a vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega’s Ethereum bridge. For exampl...

Clickjacking Vulnerability in Golden Jade Butler App

Jade Butler app is a mobile trading platform launched by Hengtai Securities, the platform has securities quotes, securities trading, account management, securities information and many other features. There is a clickjacking vulnerability in Jade Butler App, which can be exploited by attackers to...

SQL Injection Vulnerability in Electronic Bidding and Trading Platforms

Jiangsu Guotai New Point Software Co., Ltd. is to provide e-government, public resources trading, electronic bidding, construction industry, smart city and other fields of related software products and hardware and software integration solutions. There is a SQL injection vulnerability in the...