Lucene search
K

159 matches found

RedhatCVE
RedhatCVE
added 2026/04/02 5:4 a.m.4 views

CVE-2026-30573

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales...

7.5CVSS5.9AI score0.0025EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/01 3:31 p.m.5 views

EUVD-2026-17901

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales...

7.5CVSS5.9AI score0.0025EPSS
Exploits1References2
NVD
NVD
added 2026/04/01 3:22 p.m.4 views

CVE-2026-30573

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales...

7.5CVSS0.0025EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/01 12:0 a.m.1 views

CVE-2026-30573

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales...

5.9AI score0.0025EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/01 12:0 a.m.24 views

CVE-2026-30573

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales...

0.0025EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/03/12 2:50 p.m.7 views

kora-lib: Token-2022 Transfer Fee Not Deducted During Payment Verification

Summary When a user pays transaction fees using a Token-2022 token with a TransferFeeConfig extension, Kora's verifytokenpayment credits the full raw transfer amount as the payment value. However, the on-chain SPL Token-2022 program withholds a portion of that amount as a transfer fee, so the...

5.8AI score
Exploits0References3Affected Software1
NVD
NVD
added 2026/02/11 7:15 p.m.9 views

CVE-2025-69871

A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...

8.1CVSS0.00351EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/11 12:0 a.m.23 views

CVE-2025-69871

A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...

0.00351EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/02/11 12:0 a.m.5 views

CVE-2025-69871

A race condition vulnerability exists in MedusaJS Medusa v2.12.2 and earlier in the registerUsage function of the promotion module. The function performs a non-atomic read-check-update operation when enforcing promotion usage limits. This allows unauthenticated remote attackers to bypass usage...

8.1CVSS5.9AI score0.00351EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/01/09 11:26 a.m.5 views

CVE-2021-33403

An integer overflow in the transfer function of a smart contract implementation for Lancer Token, an Ethereum ERC20 token, allows the owner to cause unexpected financial losses between two large accounts during a transaction...

7.5CVSS7.1AI score0.01196EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:46 a.m.4 views

CVE-2025-14070

The Reviewify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sendtestemail' AJAX action in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

7.5CVSS6AI score0.0039EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:18 a.m.9 views

CVE-2025-1766

The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'paymentcomplete' function in all versions up to, and including, 4.0.24. This makes it possible for unauthenticated...

5.3CVSS7.2AI score0.00343EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2025-6525

Malicious code in bioql PyPI...

6.5CVSS6.3AI score0.00464EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-23361

Malicious code in bioql PyPI...

5.4CVSS6.5AI score0.00303EPSS
Exploits1References2
Malwarebytes
Malwarebytes
added 2025/08/07 9:45 a.m.3 views

Malwarebytes earns MRG Effitas Android 360° Certificate for mobile threat detection

We’re excited to announce that MRG Effitas, a globally recognized security assessment firm, has awarded Malwarebytes the prestigious MRG Effitas Android 360° Certificate, one of the toughest independent tests in mobile security. Our mobile protection received the highest marks, achieving a...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/08/03 2:14 p.m.9 views

CVE-2025-46018

CSC Pay Mobile App 2.19.4 fixed in version 2.20.0 contains a vulnerability allowing users to bypass payment authorization by disabling Bluetooth at a specific point during a transaction. This could result in unauthorized use of laundry services and potential financial loss...

5.4CVSS6.2AI score0.00303EPSS
Exploits1References1
NVD
NVD
added 2025/08/01 2:15 p.m.7 views

CVE-2025-46018

CSC Pay Mobile App 2.19.4 fixed in version 2.20.0 contains a vulnerability allowing users to bypass payment authorization by disabling Bluetooth at a specific point during a transaction. This could result in unauthorized use of laundry services and potential financial loss...

5.4CVSS0.00303EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/08/01 12:0 a.m.4 views

CVE-2025-46018

CSC Pay Mobile App 2.19.4 fixed in version 2.20.0 contains a vulnerability allowing users to bypass payment authorization by disabling Bluetooth at a specific point during a transaction. This could result in unauthorized use of laundry services and potential financial loss...

6.2AI score0.00303EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/08/01 12:0 a.m.4 views

Opay Mobile application 安全漏洞

Opay Mobile application is a lightweight application from Opay Inc. It is used to manage all banking or payment requirements. A security vulnerability exists in Opay Mobile application version 2.19.4, which originated from allowing a user to bypass payment authorization by disabling Bluetooth at ...

5.4CVSS6.5AI score0.00303EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/08/01 12:0 a.m.10 views

CVE-2025-46018

CSC Pay Mobile App 2.19.4 fixed in version 2.20.0 contains a vulnerability allowing users to bypass payment authorization by disabling Bluetooth at a specific point during a transaction. This could result in unauthorized use of laundry services and potential financial loss...

0.00303EPSS
Exploits1References2
Rows per page
Query Builder