Lucene search
K

400 matches found

NVD
NVD
added 2026/04/01 3:22 p.m.3 views

CVE-2026-30523

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to the lack of proper input validation. The application allows administrators to define "Loan Plans" which determine the duration of a loan in months. However, the backend fails to validate that the duration...

6.5CVSS0.00303EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.6 views

PT-2026-29533

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to the lack of proper input validation. The application allows administrators to define "Loan Plans" which determine the duration of a loan in months. However, the backend fails to validate that the duration...

5.9AI score0.00303EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.7 views

SourceCodester Loan Management System 安全漏洞

The SourceCodester Loan Management System is an open-source loan management system developed by SourceCodester. Version 1.0 of the SourceCodester Loan Management System contains a security vulnerability. This vulnerability stems from insufficient input validation, which could allow attackers to...

6.5CVSS5.8AI score0.00303EPSS
Exploits1References1
CVE
CVE
added 2026/04/01 12:0 a.m.10 views

CVE-2026-30523

CVE-2026-30523 affects SourceCodester Loan Management System v1.0. The vulnerability is a business-logic flaw where the backend does not validate that the loan plan duration (months) is a positive integer, allowing a negative value to be submitted and resulting in a loan plan with negative durati...

6.5CVSS5.9AI score0.00303EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/01 12:0 a.m.2 views

CVE-2026-30523

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to the lack of proper input validation. The application allows administrators to define "Loan Plans" which determine the duration of a loan in months. However, the backend fails to validate that the duration...

5.9AI score0.00303EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.7 views

rust-libp2p 安全漏洞

rust-libp2p is a Rust implementation of the libp2p open-source network stack. Versions of rust-libp2p prior to 0.49.4 contained a security vulnerability. This vulnerability stemmed from the lack of checks for arithmetic operations involving Instant and Duration when processing specially crafted...

8.2CVSS5.8AI score0.00332EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/28 4:56 a.m.4 views

CVE-2026-33935

MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.72, an unauthenticated attacker can lock out administrator and visitor accounts from password-based authentication by triggering failed login attempts. The application exposes three password verification...

8.7CVSS5.9AI score0.00543EPSS
Exploits1References1
NVD
NVD
added 2026/03/27 1:16 a.m.10 views

CVE-2026-33935

MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.72, an unauthenticated attacker can lock out administrator and visitor accounts from password-based authentication by triggering failed login attempts. The application exposes three password verification...

8.7CVSS0.00543EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/03/27 12:43 a.m.28 views

CVE-2026-33935 MyTube has Unauthenticated Account Lockout via Shared Login Attempt State

MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.72, an unauthenticated attacker can lock out administrator and visitor accounts from password-based authentication by triggering failed login attempts. The application exposes three password verification...

8.7CVSS0.00543EPSS
Exploits1References5
CVE
CVE
added 2026/03/20 5:46 a.m.27 views

CVE-2026-33040

The CVE concerns libp2p-rust Gossipsub: prior to version 0.49.3, the Gossipsub backoff handling accepts attacker-controlled PRUNE backoff values, enabling unchecked time arithmetic that can overflow when updating backoff state. A crafted PRUNE message with a very large backoff (e.g., u64::MAX) ca...

8.7CVSS5.7AI score0.00473EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/13 9:41 p.m.5 views

CVE-2026-32729

Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, The Runtipi /api/auth/verify-totp endpoint does not enforce any rate limiting, attempt counting, or account lockout mechanism. An attacker who has obtained a user's valid credentials via phishing, credential stuffing, or data breach c...

8.1CVSS5.9AI score0.0034EPSS
Exploits1References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/03/05 7:7 p.m.5 views

org.keycloak/keycloak-services: Keycloak SAML brokering: Response delay due to unchecked NotOnOrAfter in SubjectConfirmationData

A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language SAML setup, it fails to validate the NotOnOrAfter timestamp within the SubjectConfirmationData. This allows an attacker to delay the expiration of SAML...

3.1CVSS5.7AI score0.00369EPSS
Exploits0References4
OSV
OSV
added 2026/02/26 10:15 p.m.4 views

GHSA-42CR-W2GR-M54Q wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data

Summary Five routine detail action endpoints check a cache before calling self.getobject. Cache keys are scoped only by pk — no user ID is included. When a victim has previously accessed their routine via the API, an attacker can retrieve the cached response for the same PK without any ownership...

3.1CVSS5.6AI score0.00245EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/02/26 10:15 p.m.8 views

wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data

Summary Five routine detail action endpoints check a cache before calling self.getobject. Cache keys are scoped only by pk — no user ID is included. When a victim has previously accessed their routine via the API, an attacker can retrieve the cached response for the same PK without any ownership...

3.5CVSS5.5AI score0.00245EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/26 7:36 p.m.5 views

CVE-2026-1190

A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language SAML setup, it fails to validate the NotOnOrAfter timestamp within the SubjectConfirmationData. This allows an attacker to delay the expiration of SAML...

3.1CVSS5.8AI score0.00369EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/16 12:24 a.m.6 views

CVE-2025-70304

A buffer overflow in the vobsubgetsubpicduration function of GPAC v2.4.0 allows attackers to cause a Denial of Service DoS via a crafted packet...

7.5CVSS7.2AI score0.00343EPSS
Exploits1References1
NVD
NVD
added 2026/01/15 5:16 p.m.6 views

CVE-2025-70304

A buffer overflow in the vobsubgetsubpicduration function of GPAC v2.4.0 allows attackers to cause a Denial of Service DoS via a crafted packet...

7.5CVSS0.00343EPSS
Exploits1References1
OSV
OSV
added 2026/01/15 5:16 p.m.2 views

UBUNTU-CVE-2025-70304

A buffer overflow in the vobsubgetsubpicduration function of GPAC v2.4.0 allows attackers to cause a Denial of Service DoS via a crafted packet...

7.5CVSS6AI score0.00343EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/01/15 5:16 p.m.3 views

CVE-2025-70304

A buffer overflow in the vobsubgetsubpicduration function of GPAC v2.4.0 allows attackers to cause a Denial of Service DoS via a crafted packet...

7.5CVSS6AI score0.00343EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/01/15 12:0 a.m.1 views

CVE-2025-70304

A buffer overflow in the vobsubgetsubpicduration function of GPAC v2.4.0 allows attackers to cause a Denial of Service DoS via a crafted packet...

7.5CVSS5.8AI score0.00343EPSS
Exploits1References2
Rows per page
Query Builder