Lucene search
K

35 matches found

EUVD
EUVD
added 2026/04/01 3:31 p.m.5 views

EUVD-2026-17895

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific penalty rates for overdue payments. While the frontend interface prevents users from entering...

6.5CVSS6AI score0.00255EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/01 12:0 a.m.25 views

CVE-2026-30573

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales...

0.0025EPSS
Exploits1References1
CVE
CVE
added 2026/04/01 12:0 a.m.10 views

CVE-2026-30523

CVE-2026-30523 affects SourceCodester Loan Management System v1.0. The vulnerability is a business-logic flaw where the backend does not validate that the loan plan duration (months) is a positive integer, allowing a negative value to be submitted and resulting in a loan plan with negative durati...

6.5CVSS5.9AI score0.00303EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/04/01 12:0 a.m.28 views

CVE-2026-30522

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific penalty rates for overdue payments. While the frontend interface prevents users from entering...

0.00255EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/31 12:0 a.m.31 views

CVE-2026-30521

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific interest rates. While the frontend interface prevents users from entering negative numbers, this...

0.00313EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/27 12:0 a.m.3 views

CVE-2026-30574

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-sales.php file. The application fails to verify if the requested sales quantity txtqty exceeds the available stock level. An attacker can manipulate the request to purchase a quantity that is...

5.9AI score0.00256EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/27 12:0 a.m.1 views

CVE-2026-30575

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtqty" parameter during stock entry, allowing negative values to be processed. This causes the system to decrease the inventory level...

5.8AI score0.00421EPSS
Exploits1References2
Hacker One
Hacker One
added 2026/03/08 8:8 a.m.20 views

Lovable VDP: Business Logic Bypass Allows Setting “Read Access” Role Without Pro Plan Subscription

A business logic vulnerability was identified that allowed users on a free plan to generate an invitation link that assigned the "Read Access" role, which was intended to be restricted to users with a Pro Plan subscription. The vulnerability was triggered by manipulating the invitation creation...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/01/21 6:13 a.m.19 views

EUVD-2026-3686

A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading to unauthorized use of previously revoked privileges, via a business logic vulnerability in the Token Exchange implementation when a...

6.5CVSS5.4AI score0.00443EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/21 6:13 a.m.2 views

CVE-2025-14559

A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading to unauthorized use of previously revoked privileges, via a business logic vulnerability in the Token Exchange implementation when a...

6.5CVSS5.3AI score0.00443EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 12:34 p.m.10 views

CVE-2023-45854

A Business Logic vulnerability in Shopkit 1.0 allows an attacker to add products with negative quantities to the shopping cart via the qtd parameter in the add-to-cart function...

7.5CVSS6.9AI score0.00337EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-6280

Malware in sbrugna...

5.5CVSS5.6AI score0.00188EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-54805

Malicious code in bioql PyPI...

8.1CVSS6.8AI score0.06705EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/03 12:0 a.m.14 views

PT-2025-40540

Name of the Vulnerable Software and Affected Versions phpMyFAQ versions 4.0-nightly-2025-10-03 and below Description phpMyFAQ does not enforce uniqueness of email addresses during user registration, allowing multiple distinct accounts to be created with the same email. This can cause account...

9.8CVSS7.4AI score0.00388EPSS
Exploits1References11
NVD
NVD
added 2025/08/15 1:16 a.m.11 views

CVE-2025-8991

A vulnerability was identified in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file /admin/config/express of the component Business Logic Handler. The manipulation of the argument litemallexpressfreightmin leads to business logic errors. The...

5.3CVSS0.00299EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/07/23 2:31 p.m.7 views

CVE-2024-13974

A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 20.0.1 can lead to attackers controlling the firewall’s DNS environment to achieve remote code execution...

8.1CVSS7AI score0.06705EPSS
Exploits0References1
NVD
NVD
added 2025/07/21 2:15 p.m.10 views

CVE-2024-13974

A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 20.0.1 can lead to attackers controlling the firewall’s DNS environment to achieve remote code execution...

8.1CVSS0.06705EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/21 1:34 p.m.12 views

CVE-2024-13974

A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 20.0.1 can lead to attackers controlling the firewall’s DNS environment to achieve remote code execution...

8.1CVSS0.06705EPSS
Exploits0References1
CVE
CVE
added 2025/07/21 1:34 p.m.33 views

CVE-2024-13974

CVE-2024-13974 : A business-logic vulnerability in the Sophos Firewall Up2Date component (versions older than 21.0 MR1 / 20.0.1) can enable an attacker to take control of the firewall’s DNS environment and achieve remote code execution. Affected product: Sophos Firewall. Root cause: business logi...

8.1CVSS7.4AI score0.06705EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/07/21 1:34 p.m.6 views

CVE-2024-13974

A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 20.0.1 can lead to attackers controlling the firewall’s DNS environment to achieve remote code execution...

8.1CVSS7.4AI score0.06705EPSS
Exploits0References1
Rows per page
Query Builder