EUVD-2026-33303

WWBN AVideo is an open source video platform. In 29.0 and earlier, plugin/AuthorizeNet/processPayment.json.php credits the logged-in user's wallet based only on the attacker-controlled amount POST parameter. The endpoint contains a TODO for real Authorize.Net charging, hardcodes $paymentSuccess =...

AVideo Vulnerable to Wallet Balance Double-Spend via TOCTOU Race Condition in transferBalance

Summary The transferBalance method in plugin/YPTWallet/YPTWallet.php contains a Time-of-Check-Time-of-Use TOCTOU race condition. The method reads the sender's wallet balance, checks sufficiency in PHP, then writes the new balance — all without database transactions or row-level locking. An attack...

CVE-2026-34368

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the transferBalance method in plugin/YPTWallet/YPTWallet.php contains a Time-of-Check-Time-of-Use TOCTOU race condition. The method reads the sender's wallet balance, checks sufficiency in PHP, then writes the new...

CVE-2019-18672

Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing...

CVE-2025-68029

Insertion of Sensitive Information Into Sent Data vulnerability in WP Swings Wallet System for WooCommerce wallet-system-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Wallet System for WooCommerce: from n/a through = 2.7.3...

EUVD-2011-4376

Malware in sbrugna...

EUVD-2025-17051

Malicious code in bioql PyPI...

EUVD-2023-35601

Malicious code in bioql PyPI...

CVE-2025-52294

Insufficient validation of the screen lock mechanism in Trust Wallet v8.45 allows physically proximate attackers to bypass the lock screen and view the wallet balance...

CVE-2025-5719

The wallet has an authentication bypass vulnerability that allows access to specific pages...

CVE-2025-5719

The wallet has an authentication bypass vulnerability that allows access to specific pages...

CVE-2025-5719

CVE-2025-5719 relates to Vivo Wallet with an authentication bypass that could grant access to specific pages. Connected sources confirm the vulnerability class (authentication bypass) and name the affected software as Vivo Wallet/mobile wallet. The Red Hat and PT-Security entries corroborate the ...

CVE-2022-25642

Obyte formerly Byteball Wallet before 3.4.1 allows XSS. A crafted chat message can lead to remote code execution...

CVE-2021-36689

An issue discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.96i allows attackers to view sensitive information and decrypt data via a brute force attack that uses a recovered samourai.dat file. The PIN is 5 to 8 digits, which may be insufficient in this...

CVE-2024-13682

The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation in...

CVE-2025-23527

CVE-2025-23527 corresponds to WC Wallet: Missing Authorization vulnerability. Red Hat/NVD entries describe a Missing Authorization issue that allows accessing functionality not properly constrained by ACLs, affecting WC Wallet versions up to 2.2.0. Vuln enrichment explicitly labels this as an Arb...

VulnCheck KEV: CVE-2023-41061

Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code execution. This vulnerability was chained with CVE-2023-41064...

GG18 TSS and GG20 TSS Injection Vulnerabilities

tss-lib is an open source IO FinNet implementation of the multi-party t,n- threshold ECDSA Elliptic Curve Digital Signature Algorithm based on Gennaro and Goldfeder 20201 and EdDSA Edwards Curve Digital Signature Algorithm. A security vulnerability exists in the GG18 , GG20 TSS that stems from...

ShapeShift KeepKey 缓冲区错误漏洞

ShapeShift KeepKey is an e-wallet device for cryptocurrency storage. A security vulnerability exists in ShapeShift KeepKey versions prior to 7.7.0 that stems from insufficient length checking, allowing an attacker to extract the BIP39 mnemonic from a hardware wallet via a crafted message that...

@aprilsacil/wallet (>=0.1.36 <=0.1.51), @chainfuse/react (>=0.0.46 <=0.1.0-dev.96) +15 more potentially affected by CVE-2023-30543 via @web3-react/coinbase-wallet (>=8.0.31-beta.0 <=8.0.34-beta.0)

@web3-react/coinbase-wallet NPM version =8.0.31-beta.0, =0.1.36, =0.0.46, =0.0.70, =0.0.6-alpha.0, =0.1.0, =0.0.1, =0.1.0, =0.13.29, =0.1.20, =0.0.1, =0.0.2, =0.0.11, =0.1.31 and more Source cves: CVE-2023-30543 Source advisory: OSV:GHSA-8PF3-6FGR-3G3G...