Lucene search
K

16 matches found

CVE
CVE
added 5 hours ago6 views

CVE-2026-11567

CVE-2026-11567 affects the SureForms WordPress plugin prior to 2.11.1. The vulnerability is a failure to properly validate the payment amount on forms that use a dynamically sourced (variable/hidden) payment amount, enabling unauthenticated users to underpay for the configured product or subscrip...

6.1AI score
Exploits0References1
EUVD
EUVD
added 5 hours ago7 views

EUVD-2026-43625

The SureForms WordPress plugin before 2.11.1 does not properly validate the payment amount on forms that use a dynamically-sourced variable/hidden payment amount, allowing unauthenticated users to underpay for the configured product or subscription. Forms using a fixed configured price are not...

6.1AI score
Exploits0References1
NVD
NVD
added 2026/07/06 10:16 p.m.7 views

CVE-2026-43928

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the PayPalEmail payment adapter accepts PayPal IPN callbacks and credits the IPN-supplied amount mcgross to the client's balance without validating it against the invoice total. Combined with a $0.05...

2.3CVSS0.00274EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/06 9:53 p.m.32 views

CVE-2026-43928 FOSSBilling: Payment amount not validated in PayPalEmail adapter allows invoice underpayment

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the PayPalEmail payment adapter accepts PayPal IPN callbacks and credits the IPN-supplied amount mcgross to the client's balance without validating it against the invoice total. Combined with a $0.05...

2.3CVSS0.00274EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 9:53 p.m.6 views

CVE-2026-43928

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the PayPalEmail payment adapter accepts PayPal IPN callbacks and credits the IPN-supplied amount mcgross to the client's balance without validating it against the invoice total. Combined with a $0.05...

2.3CVSS5.9AI score0.00274EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/06 9:53 p.m.12 views

CVE-2026-43928

FOSSBilling PayPalEmail integration before 0.8.0 credits mc_gross from IPN without validating against the invoice total, combined with a $0.05 epsilon in the credit logic, enabling underpayment of up to $0.04 while marking invoices as paid. Version 0.8.0 patches the issue. No public workaround ex...

2.3CVSS5.9AI score0.00274EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 9:53 p.m.2 views

CVE-2026-43928 FOSSBilling: Payment amount not validated in PayPalEmail adapter allows invoice underpayment

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the PayPalEmail payment adapter accepts PayPal IPN callbacks and credits the IPN-supplied amount mcgross to the client's balance without validating it against the invoice total. Combined with a $0.05...

2.3CVSS5.9AI score0.00274EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.6 views

PT-2026-56032

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description The PayPalEmail payment adapter fails to validate the amount supplied via PayPal IPN Instant Payment Notification callbacks, specifically the mc gross variable, against the actual invoice total...

2.3CVSS5.9AI score0.00274EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/05 6:43 a.m.36 views

CVE-2026-2729 Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.52.0 - Missing Authorization to Unauthenticated Stripe PaymentIntent Reuse / Underpayment Bypass via 'paymentid' Parameter

The Forminator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.52.0. This is due to the plugin not properly verifying that a user is authorized to perform an action when processing attacker-supplied Stripe PaymentIntent identifiers in the public...

5.3CVSS0.00367EPSS
Exploits0References2
CVE
CVE
added 2026/05/05 6:43 a.m.23 views

CVE-2026-2729

CVE-2026-2729 affects the WordPress plugin Forminator (versions up to 1.52.0). The vulnerability arises from missing authorization when processing attacker-supplied Stripe PaymentIntent identifiers during the public payment flow, allowing unauthenticated attackers to submit high-value paid forms ...

5.3CVSS5.8AI score0.00367EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/04 5:34 p.m.7 views

WordPress Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin <= 1.52.0 - Missing Authorization to Unauthenticated Stripe PaymentIntent Reuse / Underpayment Bypass vulnerability

Missing Authorization to Unauthenticated Stripe PaymentIntent Reuse / Underpayment Bypass vulnerability discovered by Kittipat Jitphonchana in WordPress Plugin Forminator versions = 1.52.0...

5.3CVSS5.8AI score0.00367EPSS
Exploits0References1Affected Software1
Code423n4
Code423n4
added 2023/07/28 12:0 a.m.9 views

A user could call mint() with less ETH than the mintPrice and improperly mint badges for a cheaper cost.

Lines of code Vulnerability details Impact users underpaying to mint badges will lead to loss of funds Proof of Concept It checks if msg.value is less than the required mintPrice, but it does not check for the case where msg.value mintPrice. This means: A user could send only 1 wei when the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/08/17 12:0 a.m.11 views

Borrower can pay very little collateral for a huge amount of more valuable asset.

Lines of code Vulnerability details Impact When an approved borrower calls borrowAsset , they are able to borrow as much asset as possible and passing the user controlled collateralAmount input with a lesser value worth of collateral. For example, a user can pay 1 USDC collateral and receive 1000...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2021/09/29 12:0 a.m.8 views

IndexPool's flashswap trasfer before callback

Handle 0xsanson Vulnerability details Impact The flashswap function in IndexPool.sol doesn't fulfill its function. Indeed it should transfer tokens to the users before they need to pay back, but the transfer happens at the end: ... ITridentCalleemsg.sender.tridentSwapCallbackcontext; // @dev Chec...

6.9AI score
Exploits0
CNVD
CNVD
added 2020/07/14 12:0 a.m.5 views

c-lightning Security Vulnerabilities

A security vulnerability exists in c-lightning versions prior to 0.7.1 that stems from incorrect access control. A remote attacker could exploit the vulnerability by not paying or underpaying the total cash amount of a transaction...

6.8AI score
Exploits0References1
CNVD
CNVD
added 2020/05/06 12:0 a.m.3 views

Eclair has a logic flaw vulnerability

Eclair is a flash wallet for Android based systems.Eclair to 0.3 allows an attacker to trigger a loss of funds due to incorrect access control. An attacker could use the vulnerability to not pay or underpay the total amount of cash...

7.5CVSS6.8AI score0.02176EPSS
Exploits1References1
Rows per page
Query Builder