Improper Access Control
getgrav/grav-plugin-api is vulnerable to Improper Access Control. The vulnerability is due to an insecure direct object reference and flawed permission update logic in UsersController::update, which allows an attacker to escalate privileges to Super Administrator and gain full system access...
SourceCodester Loan Management System Security Vulnerability
The SourceCodester Loan Management System is an open-source loan management system developed by SourceCodester. Version 1.0 of the SourceCodester Loan Management System has security vulnerabilities. These vulnerabilities stem from defects in the business logic and improper server-side validation,...
Open eClass Security Vulnerability
Open eClass is an open-source e-classroom system developed by the Greek Universities Network. Versions of Open eClass prior to 4.2 contained security vulnerabilities. These vulnerabilities were caused by business logic flaws, which could allow authenticated students to mark themselves as attendin...
CVE-2022-26273
EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities...
Vulnerabilities fixed in Apple macOS
Apple has fixed vulnerabilities in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2 and macOS Tahoe 26.1. The vulnerabilities covered a wide range of issues, including unauthorized access to sensitive user data, race conditions, and logic flaws that could lead to unwanted access or system instability...
Vulnerabilities fixed in Apple macOS, iOS and iPadOS
Apple has fixed vulnerabilities in macOS, iOS and iPadOS. The vulnerabilities include several issues, such as insufficient input validation, memory corruption, and logic issues that can lead to unauthorized access to sensitive user data. These vulnerabilities can be exploited by malicious parties...
Denial Of Service (DoS)
alextselegidis/easyappointments is vulnerable to Denial of Service (DoS). The vulnerability is due to booking logic flaws caused by insufficient validation of appointment duration, allowing unauthenticated attackers to block future booking availability by creating excessively long appointments...
There are logic flaws and vulnerabilities in the Fast Shadow APP of Beijing Shutterstock Technology Co.
Fast Shadow App is a video shooting, video editing and video making tool. A logic flaw vulnerability exists in the Fast Shadow APP of Beijing Racer Technology Limited, which can be exploited by attackers to cause a denial of service...
CVE-2025-3426
The CVE-2025-3426 entry describes lack of reverse engineering protections in Philips IntelliSpace Portal binaries, enabling discovery of hardcoded credentials. Affected products are IntelliSpace Portal 12 and earlier and Advanced Visualization Workspace 15. Technical details from connected source...
SUSE-SU-2025:1032-1 Security update for microcode_ctl
This update for microcode_ctl fixes the following issues: - CVE-2024-31068: Improper Finite State Machines (FSMs) in Hardware Logic for some Intel Processors may allow a privileged user to potentially enable denial of service via local access. bsc1237096 - CVE-2024-36293: A potential security...
Fortinet Fortigate Unchecked boundary length causing multiple logic flaws (FG-IR-24-250)
The version of Fortigate installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-250 advisory. - An allocation of resources without limits or throttling (CWE-770) vulnerability in FortiOS versions 7.6.0, versions 7.4.4...
Improper Handling Of Case Sensitivity
social-auth-app-django is vulnerable to Improper Handling Of Case Sensitivity. The vulnerability is due to default case-insensitive collation in MySQL or MariaDB databases. This vulnerability could cause different IDs to match, resulting in Business Logic Flaws...
Logic flaws exist in KingFusion control integration full configuration platform of Beijing Asian Control Technology Development Co., Ltd.
Beijing Asian Control Technology Development Co., Ltd. is a high-tech industrial automation and informatization software platform enterprise founded in 1997. A logic flaw exists in the KingFusion integrated control and full configuration platform of Beijing Asian Control Technology Development Co., Ltd. that can be exploited by attackers to obta...
Business Logic Flaws
GitLab is vulnerable to Business Logic Flaws. The vulnerability exists under specific conditions, which allows unauthorised project members to delete protected branches...
Business Logic Flaws
phpmyfaq is vulnerable to Business Logic Flaws. The vulnerability exists in record.add.php due to improper user permission checks which allows an authenticated attacker with edit-only permissions to add and delete categories or add FAQs...
Business Logic Errors
heimdal is vulnerable to Business Logic Flaws. The vulnerability exists due to accidental logic inversions which allows an attacker to perform unwanted actions...
Why is Robust API Security Crucial in eCommerce?
API attacks are on the rise. One of their major targets is eCommerce firms like yours. APIs are a vital part of how eCommerce businesses are accelerating their growth in the digital world. eCommerce platforms use APIs at all customer touchpoints, from displaying products to handling shipping. Owi...
Business Logic Flaws
OpenZeppelin Contracts has business logic flaws. The vulnerability exists due to a lack of sanitization between cross chains, allowing contracts using Arbitrum L2, CrossChainEnabledArbitrumL2 or LibArbitrumL2 to be classified as direct interactions of externally owned accounts (EOAs) even though the...
YetiForceCrm Input Validation Error Vulnerability
YetiForceCrm is an open source crm system from the Polish company YetiForce. Yetiforcecrm suffers from a processing logic error vulnerability, which stems from Yetiforcecrm being vulnerable to business logic errors. No detailed vulnerability details are currently available...
Business Logic Flaws
qt5-qtwebengine is vulnerable to business logic flaws. The vulnerability exists due to an inappropriate implementation flaw found in the navigation component of the Chromium browser...