6 matches found
Fake verification pages are stealing Steam accounts from players
Online gamers should watch out for a convincing scam that aims to steal your Steam account. The scam uses fake FACEIT verification pages that look legitimate, complete with official branding, working links, and what appears to be a real Steam login window. By the time it asks for your password,...
CVE-2026-47696
WWBN AVideo (29.0 and earlier) has a wallet-credit bypass in the AuthorizeNet processPayment.json.php endpoint. The code credits the logged-in user’s wallet based only on an attacker-controlled POST amount, using a TODO for real charging, hardcoded $paymentSuccess = true, and calling YPTWallet::a...
PT-2026-44849
Name of the Vulnerable Software and Affected Versions AVideo versions 29.0 and earlier Description An issue exists in the 'plugin/AuthorizeNet/processPayment.json.php' endpoint that allows any logged-in user to add arbitrary funds to their own wallet when the AuthorizeNet and YPTWallet plugins ar...
WWBN AVideo 安全漏洞
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained security vulnerabilities. These vulnerabilities stemmed from the plugin/AuthorizeNet/processPayment.json.php file, which only increased the logged-in user’s wallet...
CVE-2025-14450
The Wallet System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'changewalletfundrequeststatuscallback' function in all versions up to, and including, 2.7.2. This makes it possible for authenticated attackers, with...
Malicious Package
Overview bittenso is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a typosquatting campaign targeting the Bittensor ecosystem. The goal of the attackers is to steal cryptocurrency from...