29 matches found

RedhatCVE
added 2026/06/05 7:21 p.m., 8 views

CVE-2026-47696

WWBN AVideo is an open source video platform. In 29.0 and earlier, plugin/AuthorizeNet/processPayment.json.php credits the logged-in user's wallet based only on the attacker-controlled amount POST parameter. The endpoint contains a TODO for real Authorize.Net charging, hardcodes $paymentSuccess =...

CVSS 7.1, AI score 5.6, EPSS 0.0012
Exploits: 1, References: 1

Microsoft CVE
added 2026/06/05 2:0 p.m., 6 views

Chromium: CVE-2026-11286 Insufficient validation of untrusted input in Wallet

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 4.3, AI score 5.4, EPSS 0.00154
Exploits: 0

EUVD
added 2026/06/04 6:47 p.m., 10 views

EUVD-2026-33303

WWBN AVideo: Authenticated wallet credit bypass in AuthorizeNet processPayment endpoint...

CVSS 7.1, AI score 5.8, EPSS 0.0012
Exploits: 1, References: 3

Positive Technologies
added 2026/06/04 12:0 a.m., 9 views

PT-2026-46853

Summary: plugin/AuthorizeNet/processPayment.json.php credits the logged-in user's wallet based only on the attacker-controlled amount POST parameter. The endpoint contains a TODO for real Authorize.Net charging, hardcodes $paymentSuccess = true, and then calls YPTWallet::addBalance without...

CVSS 7.1, AI score 6, EPSS 0.0012
Exploits: 1, References: 5

Github Security Blog
added 2026/03/30 5:51 p.m., 7 views

AVideo Vulnerable to Wallet Balance Double-Spend via TOCTOU Race Condition in transferBalance

Summary: The transferBalance method in plugin/YPTWallet/YPTWallet.php contains a Time-of-Check-Time-of-Use (TOCTOU) race condition. The method reads the sender's wallet balance, checks sufficiency in PHP, then writes the new balance — all without database transactions or row-level locking. An attack...

CVSS 5.3, AI score 6, EPSS 0.00228
Exploits: 1, References: 4, Affected Software: 1

NVD
added 2026/03/27 6:16 p.m., 7 views

CVE-2026-34368

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the transferBalance method in plugin/YPTWallet/YPTWallet.php contains a Time-of-Check-Time-of-Use (TOCTOU) race condition. The method reads the sender's wallet balance, checks sufficiency in PHP, then writes the new...

CVSS 5.3, EPSS 0.00228
Exploits: 1, References: 2

RedhatCVE
added 2026/01/09 10:17 a.m., 7 views

CVE-2019-18672

Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing...

CVSS 7.5, AI score 7, EPSS 0.00783
Exploits: 0, References: 1

RedhatCVE
added 2026/01/06 11:14 a.m., 5 views

CVE-2025-68029

Insertion of Sensitive Information Into Sent Data vulnerability in WP Swings Wallet System for WooCommerce wallet-system-for-woocommerce allows Retrieve Embedded Sensitive Data. This issue affects Wallet System for WooCommerce: from n/a through = 2.7.3...

CVSS 6.3, AI score 5.9, EPSS 0.00168
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2011-4376

Malware in sbrugna...

CVSS 4.3, AI score 6.4, EPSS 0.0163
Exploits: 0, References: 5

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-17051

Malicious code in bioql PyPI...

CVSS 5.1, AI score 6.6, EPSS 0.00203
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:7 p.m., 13 views

EUVD-2023-35601

Malicious code in bioql PyPI...

CVSS 5.9, AI score 5.9, EPSS 0.00983
Exploits: 2, References: 5

Vulnrichment
added 2025/07/01 12:0 a.m., 4 views

CVE-2025-52294

Insufficient validation of the screen lock mechanism in Trust Wallet v8.45 allows physically proximate attackers to bypass the lock screen and view the wallet balance...

AI score 7.1, EPSS 0.00187
Exploits: 0, References: 1

NVD
added 2025/06/06 4:15 a.m., 10 views

CVE-2025-5719

The wallet has an authentication bypass vulnerability that allows access to specific pages...

CVSS 5.1, EPSS 0.00203
Exploits: 0, References: 1

Cvelist
added 2025/06/06 3:40 a.m., 13 views

CVE-2025-5719

The wallet has an authentication bypass vulnerability that allows access to specific pages...

CVSS 5.1, EPSS 0.00203
Exploits: 0, References: 1

CVE
added 2025/06/06 3:40 a.m., 60 views

CVE-2025-5719

CVE-2025-5719 relates to Vivo Wallet with an authentication bypass that could grant access to specific pages. Connected sources confirm the vulnerability class (authentication bypass) and name the affected software as Vivo Wallet/mobile wallet. The Red Hat and PT-Security entries corroborate the ...

CVSS 5.1, AI score 7.2, EPSS 0.00203
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 12:7 a.m., 6 views

CVE-2022-25642

Obyte (formerly Byteball) Wallet before 3.4.1 allows XSS. A crafted chat message can lead to remote code execution...

CVSS 6.1, AI score 7.5, EPSS 0.01399
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 9:13 p.m., 5 views

CVE-2021-36689

An issue discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.96i allows attackers to view sensitive information and decrypt data via a brute force attack that uses a recovered samourai.dat file. The PIN is 5 to 8 digits, which may be insufficient in this...

CVSS 5.5, AI score 6.3, EPSS 0.00295
Exploits: 1

RedhatCVE
added 2025/03/06 8:46 a.m., 9 views

CVE-2024-13682

The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation in...

CVSS 4.3, AI score 6.6, EPSS 0.00138
Exploits: 0, References: 1

CVE
added 2025/02/03 2:22 p.m., 44 views

CVE-2025-23527

CVE-2025-23527 corresponds to WC Wallet: Missing Authorization vulnerability. Red Hat/NVD entries describe a Missing Authorization issue that allows accessing functionality not properly constrained by ACLs, affecting WC Wallet versions up to 2.2.0. Vuln enrichment explicitly labels this as an Arb...

CVSS 6.5, AI score 7.2, EPSS 0.00421
Exploits: 0, References: 1

VulnCheck KEV
added 2023/09/07 12:0 a.m., 4 views

VulnCheck KEV: CVE-2023-41061

Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code execution. This vulnerability was chained with CVE-2023-41064...

CVSS 7.8, AI score 7.4, EPSS 0.15263
Exploits: 2, References: 1