35 matches found
EUVD-2026-17895
A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific penalty rates for overdue payments. While the frontend interface prevents users from entering...
CVE-2026-30573
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales...
CVE-2026-30523
CVE-2026-30523 affects SourceCodester Loan Management System v1.0. The vulnerability is a business-logic flaw where the backend does not validate that the loan plan duration (months) is a positive integer, allowing a negative value to be submitted and resulting in a loan plan with negative durati...
CVE-2026-30522
A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific penalty rates for overdue payments. While the frontend interface prevents users from entering...
CVE-2026-30521
A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific interest rates. While the frontend interface prevents users from entering negative numbers, this...
CVE-2026-30574
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-sales.php file. The application fails to verify if the requested sales quantity txtqty exceeds the available stock level. An attacker can manipulate the request to purchase a quantity that is...
CVE-2026-30575
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtqty" parameter during stock entry, allowing negative values to be processed. This causes the system to decrease the inventory level...
Lovable VDP: Business Logic Bypass Allows Setting “Read Access” Role Without Pro Plan Subscription
A business logic vulnerability was identified that allowed users on a free plan to generate an invitation link that assigned the "Read Access" role, which was intended to be restricted to users with a Pro Plan subscription. The vulnerability was triggered by manipulating the invitation creation...
EUVD-2026-3686
A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading to unauthorized use of previously revoked privileges, via a business logic vulnerability in the Token Exchange implementation when a...
CVE-2025-14559
A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading to unauthorized use of previously revoked privileges, via a business logic vulnerability in the Token Exchange implementation when a...
CVE-2023-45854
A Business Logic vulnerability in Shopkit 1.0 allows an attacker to add products with negative quantities to the shopping cart via the qtd parameter in the add-to-cart function...
EUVD-2020-6280
Malware in sbrugna...
EUVD-2024-54805
Malicious code in bioql PyPI...
PT-2025-40540
Name of the Vulnerable Software and Affected Versions phpMyFAQ versions 4.0-nightly-2025-10-03 and below Description phpMyFAQ does not enforce uniqueness of email addresses during user registration, allowing multiple distinct accounts to be created with the same email. This can cause account...
CVE-2025-8991
A vulnerability was identified in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file /admin/config/express of the component Business Logic Handler. The manipulation of the argument litemallexpressfreightmin leads to business logic errors. The...
CVE-2024-13974
A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 20.0.1 can lead to attackers controlling the firewall’s DNS environment to achieve remote code execution...
CVE-2024-13974
A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 20.0.1 can lead to attackers controlling the firewall’s DNS environment to achieve remote code execution...
CVE-2024-13974
A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 20.0.1 can lead to attackers controlling the firewall’s DNS environment to achieve remote code execution...
CVE-2024-13974
CVE-2024-13974 : A business-logic vulnerability in the Sophos Firewall Up2Date component (versions older than 21.0 MR1 / 20.0.1) can enable an attacker to take control of the firewall’s DNS environment and achieve remote code execution. Affected product: Sophos Firewall. Root cause: business logi...
CVE-2024-13974
A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 20.0.1 can lead to attackers controlling the firewall’s DNS environment to achieve remote code execution...