8 matches found
GHSA-XVP7-8VM8-XFXX Actual Sync-server Gocardless service is logging sensitive data including bearer tokens and account numbers
Summary The GoCardless components in Actualbudget in are logging responses to STDOUT in a parsed format using console.logand console.debug Which in this version of node is an alias for console.log. This is exposing sensitive information in log files including, but not limited to: - Gocardless...
EUVD-2025-3968
Malicious code in bioql PyPI...
EUVD-2022-29922
Malicious code in bioql PyPI...
CVE-2025-24872 Missing Authorization check in SAP ABAP Platform (ABAP Build Framework)
The ABAP Build Framework in SAP ABAP Platform allows an authenticated attacker to gain unauthorized access to a specific transaction. By executing the add-on build functionality within the ABAP Build Framework, an attacker could call the transaction and view its details. This has a limited impact...
CVE-2025-24872 Missing Authorization check in SAP ABAP Platform (ABAP Build Framework)
The ABAP Build Framework in SAP ABAP Platform allows an authenticated attacker to gain unauthorized access to a specific transaction. By executing the add-on build functionality within the ABAP Build Framework, an attacker could call the transaction and view its details. This has a limited impact...
Razer: Improper Authorization at https://api-my.pay.razer.com/v1/trxDetail?trxId=[Id] allowing unauthorised access to other user's transaction details
The tester determined that the Razer Pay backend server could be exploited to obtain transaction details from another user. Razer Fintech appreciates the detailed report and clear PoC...
Monero: Misreporting of received amount by show_transfers
Summary: A sender may cause showtransfers to report a higher amount that was actually sent on the recipient's showtransfers output. Description: Due to a flaw in processnewtransaction in wallet2.cpp, if the tx pubkey is present multiple times, it will decode outputs correctly as many times, and a...
Threat Outbreak Alert: Fake Transaction Details Notification Email Messages on January 21, 2014
Medium Alert ID: 32515 First Published: 2014 January 22 16:58 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain transaction details for the recipient. The text in the email message attempts to convince the recipient to ope...