CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

238 matches found

Loan Management System 1.0 - SQL Injection

Loan Management System 1.0 contains a SQL injection vulnerability via the username parameter. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id: CVE-2025-9744 info: name:...

9.8CVSS7.7AI score0.01664EPSS

Exploits3References3

Nuclei•added 14 hours ago•36 views

CZ Loan Management <= 1.1 - SQL Injection

The CZ Loan Management WordPress plugin through 1.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. id: CVE-2024-5975 info: name: CZ Loan Management = 1.1 - SQL Injection author...

9.1CVSS5.5AI score0.01958EPSS

Exploits1References3

RedhatCVE•added 2026/04/02 5:4 a.m.•3 views

CVE-2026-30523

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to the lack of proper input validation. The application allows administrators to define "Loan Plans" which determine the duration of a loan in months. However, the backend fails to validate that the duration...

6.5CVSS5.9AI score0.00303EPSS

Exploits1References1

EUVD•added 2026/04/01 3:31 p.m.•2 views

EUVD-2026-17897

6.5CVSS5.9AI score0.00303EPSS

Exploits1References2

EUVD•added 2026/04/01 3:31 p.m.•3 views

EUVD-2026-17895

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific penalty rates for overdue payments. While the frontend interface prevents users from entering...

6.5CVSS6AI score0.00255EPSS

Exploits1References2

NVD•added 2026/04/01 3:22 p.m.•0 views

CVE-2026-30523

6.5CVSS0.00303EPSS

Exploits1References1

NVD•added 2026/04/01 2:16 p.m.•3 views

CVE-2026-30522

6.5CVSS0.00255EPSS

Exploits1References1

RedhatCVE•added 2026/04/01 5:0 a.m.•1 views

CVE-2026-30521

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific interest rates. While the frontend interface prevents users from entering negative numbers, this...

6.5CVSS6AI score0.00313EPSS

Exploits1References1

RedhatCVE•added 2026/04/01 5:0 a.m.•1 views

CVE-2026-30520

A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located in the ajax.php file specifically the saveloan action. The application fails to properly sanitize user input supplied to the "borrowerid" parameter in a POST request, allowing an...

4.8CVSS6AI score0.0022EPSS

Exploits1References1

Cvelist•added 2026/04/01 12:0 a.m.•22 views

CVE-2026-30522

0.00255EPSS

Exploits1References1

Positive Technologies•added 2026/04/01 12:0 a.m.•5 views

PT-2026-29521

6AI score0.00255EPSS

Exploits1References2

Vulnrichment•added 2026/04/01 12:0 a.m.•1 views

CVE-2026-30523

5.9AI score0.00303EPSS

Exploits1References1

Vulnrichment•added 2026/04/01 12:0 a.m.•2 views

CVE-2026-30522

6AI score0.00255EPSS

Exploits1References1

CNNVD•added 2026/04/01 12:0 a.m.•2 views

SourceCodester Loan Management System 安全漏洞

The SourceCodester Loan Management System is an open-source loan management system developed by SourceCodester. Version 1.0 of the SourceCodester Loan Management System contains a security vulnerability. This vulnerability stems from insufficient input validation, which could allow attackers to...

6.5CVSS5.8AI score0.00303EPSS

Exploits1References1

CVE•added 2026/04/01 12:0 a.m.•6 views

CVE-2026-30523

CVE-2026-30523 : The vulnerability is in SourceCodester Loan Management System v1.0 regarding loan plan creation. The backend does not validate that the months duration is a positive integer, allowing an attacker to submit a negative value, resulting in a loan plan with a negative duration. The c...

6.5CVSS5.9AI score0.00303EPSS

Exploits1References1Affected Software1

Cvelist•added 2026/04/01 12:0 a.m.•17 views

CVE-2026-30523

0.00303EPSS

Exploits1References1

CVE•added 2026/04/01 12:0 a.m.•7 views

CVE-2026-30522

The CVE-2026-30522 entry describes a business logic vulnerability in SourceCodester Loan Management System v1.0 where backend validation does not enforce a non-negative value for the monthly overdue penalty (penalty_rate) in creating loan plans. An authenticated attacker can bypass the frontend r...

6.5CVSS6AI score0.00255EPSS

Exploits1References1Affected Software1

EUVD•added 2026/03/31 9:31 p.m.•1 views

EUVD-2026-17583

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific interest rates. While the frontend interface prevents users from entering negative numbers, this...

6AI score0.00313EPSS

Exploits1References2

NVD•added 2026/03/31 7:16 p.m.•1 views

CVE-2026-30521

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific interest rates. While the frontend interface prevents users from entering negative numbers, this...

6.5CVSS0.00313EPSS

Exploits1References1

EUVD•added 2026/03/31 6:31 p.m.•2 views

EUVD-2026-17581

4.8CVSS6AI score0.0022EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by