867 matches found
EUVD-2026-40095
A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument itemprice can lead to business logic errors. The attack may be performed from remote. The exploit has been published...
CVE-2026-13571 SourceCodester Simple Food Ordering System cart.php logic error
A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument itemprice can lead to business logic errors. The attack may be performed from remote. The exploit has been published...
PYSEC-2026-307 calibre-web is vulnerable to Business Logic Errors
calibre-web is vulnerable to Business Logic Errors...
CVE-2026-44733
CVE-2026-44733 affects OpenProject (open-source, web-based project management software). Before versions 17.3.2 and 17.4.0 , a Business Logic Error via PATCH to /api/v3/users/me could bypass password requirements. A password validation flaw in the change-password flow allowed password changes onl...
CVE-2026-46903
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Business Logic Infrastructure Security. Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...
PT-2026-50010
Name of the Vulnerable Software and Affected Versions JD Edwards EnterpriseOne Tools versions 9.2.0.0 through 9.2.26.2 Description An issue exists in the Business Logic Infrastructure Security component of JD Edwards EnterpriseOne Tools. A low privileged attacker with network access via HTTP can...
CVE-2026-11465
A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...
CVE-2026-11465
A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...
CVE-2026-11465 songquanpeng one-api Redemption Code Top-Up Endpoint redemption.go Redeem logic error
A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...
CVE-2026-11465
A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...
CVE-2026-11465 songquanpeng one-api Redemption Code Top-Up Endpoint redemption.go Redeem logic error
A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...
PT-2026-47196
Name of the Vulnerable Software and Affected Versions songquanpeng one-api versions prior to 0.6.11-preview.7 Description A business logic error exists in the Redemption Code Top-Up Endpoint. The issue is located within the Redeem function of the model/redemption.go file. This flaw allows for...
CVE-2026-5812
A security flaw has been discovered in SourceCodester Pharmacy Product Management System 1.0. This affects an unknown part of the file add-sales.php of the component POST Parameter Handler. Performing a manipulation of the argument txtqty results in business logic errors. It is possible to initia...
CVE-2026-1274
IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to a Bypass Business Logic vulnerability in the access management control panel...
Business Logic Vulnerability Apache Tomcat Dependency in Confluence Data Center
This High severity Business Logic vulnerability was introduced in versions 6.13.0, 7.4.0, 7.13.0, 7.19.0, 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0 and 10.2.0 of Confluence Data Center. This Business Logic vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
CVE-2026-44410
This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out malicious attacks...
Hunting-Bugs
2026 Practical Bug Bounty Guide Built on real-world experie...
CVE-2026-44410
This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out malicious attacks...
CVE-2026-44410
This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out malicious attacks...
CVE-2026-44410 Function Abusement Vulnerability in ZTE ZXUniPOS NDS-LTE
This vulnerability stems from a business logic flaw.Attackers can exploit legitimate application functions in unintended and abnormal ways, deviating from the designer's expectations, to carry out malicious attacks...