CVE-2026-39901
Summary: CVE-2026-39901 affects the monetr budgeting app. Before version 1.12.3, an authenticated tenant user can use the transaction update (PUT) endpoint to soft-delete synced non-manual transactions, bypassing the intended protection that blocks deletion via the normal DELETE path. This is a s...
CVE-2026-39901 monetr: Protected Transactions Deletable via PUT
monetr is a budgeting application focused on planning for recurring expenses. Prior to 1.12.3, a transaction integrity flaw allows an authenticated tenant user to soft-delete synced non-manual transactions through the transaction update endpoint, despite the application explicitly blocking deleti...
EUVD-2019-5825
Malware in sbrugna...
EUVD-2022-49733
Malicious code in bioql PyPI...
EUVD-2022-15766
Malicious code in bioql PyPI...
CVE-2022-0681
The Simple Membership WordPress plugin before 4.1.0 does not have a CSRF check in place when deleting transactions, which could allow attackers to make a logged-in admin delete arbitrary transactions via a CSRF attack...
CVE-2022-0681 Simple Membership < 4.1.0 - Arbitrary Transaction Deletion via CSRF
The Simple Membership WordPress plugin before 4.1.0 does not have a CSRF check in place when deleting transactions, which could allow attackers to make a logged-in admin delete arbitrary transactions via a CSRF attack...
Simple Membership < 4.1.0 - Arbitrary Transaction Deletion via CSRF
The plugin does not have a CSRF check in place when deleting transactions, which could allow attackers to make a logged-in admin delete arbitrary transactions via a CSRF attack. PoC: https://example.com/wp-admin/admin.php?page=simplewpmembershippayments=deletetxn=1 will delete the transaction with ID...