Lucene search
K

14 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.8 views

CVE-2026-44826

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add endpoint. Submitting a negative integer is accepted by the server and treated as a normal positi...

7.5CVSS5.5AI score0.00213EPSS
Exploits0References1
NVD
NVD
added 2026/05/15 7:17 p.m.16 views

CVE-2026-44826

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add endpoint. Submitting a negative integer is accepted by the server and treated as a normal positi...

7.5CVSS0.00213EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 6:37 p.m.6 views

CVE-2026-44826

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add endpoint. Submitting a negative integer is accepted by the server and treated as a normal positi...

7.5CVSS5.8AI score0.00213EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/15 6:37 p.m.11 views

EUVD-2026-30580

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add endpoint. Submitting a negative integer is accepted by the server and treated as a normal positi...

7.5CVSS5.8AI score0.00213EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/15 6:37 p.m.10 views

CVE-2026-44826 Vvveb: Vvveb CMS — Negative-quantity cart manipulation allows creation of orders with negative grand totals

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add endpoint. Submitting a negative integer is accepted by the server and treated as a normal positi...

7.5CVSS5.8AI score0.00213EPSS
Exploits0References1
CVE
CVE
added 2026/05/15 6:37 p.m.12 views

CVE-2026-44826

Vvveb CMS contains a vulnerability where the cart-add endpoint accepts a negative quantity before version 1.0.8.2. This allows negative line totals, subtotals, taxes, and grand totals, causing the merchant order to reflect a negative total and enabling a fraudulent “merchant owes customer money” ...

7.5CVSS5.8AI score0.00213EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/15 6:37 p.m.38 views

CVE-2026-44826 Vvveb: Vvveb CMS — Negative-quantity cart manipulation allows creation of orders with negative grand totals

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add endpoint. Submitting a negative integer is accepted by the server and treated as a normal positi...

7.5CVSS0.00213EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

Vvveb 安全漏洞

Vvveb is a powerful and easy-to-use CMS developed by Givan’s developers, used for building websites, blogs, or e-commerce stores. Versions of Vvveb prior to 1.0.8.2 contained security vulnerabilities. These vulnerabilities stemmed from the lack of validation of the quantity parameter in the...

7.5CVSS5.8AI score0.00213EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.10 views

PT-2026-41353

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.2, Vvveb CMS does not validate the sign of the quantity parameter on the cart-add endpoint. Submitting a negative integer is accepted by the server and treated as a normal positi...

7.5CVSS5.8AI score0.00213EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/01 12:0 a.m.1 views

CVE-2026-30573

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales...

5.9AI score0.0025EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/27 12:0 a.m.1 views

CVE-2026-30576

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters during stock entry, allowing negative financial values to be submitted. This leads to corruption...

5.8AI score0.00256EPSS
Exploits1References2
securityvulns
securityvulns
added 2004/01/16 12:0 a.m.40 views

FishCart Integer Overflow / Rounding Error

FishCartR is a popular full-featured multi-language open source e-commerce system. It is written in PHP4 and works with a variety of database engines. It has been in production for 6 years and is in active use in a number of countries. FishCart has developers in the US and western Europe. On 8...

6.9AI score
Exploits0
Cvelist
Cvelist
added 2004/01/15 5:0 a.m.16 views

CVE-2004-0062

Integer overflow in the rnd arithmetic rounding function for various versions of FishCart before 3.1 allows remote attackers to "cause negative totals" via an order with a large quantity...

6.9AI score0.01317EPSS
Exploits0References2
CVE
CVE
added 2004/01/15 5:0 a.m.43 views

CVE-2004-0062

The CVE-2004-0062 entry concerns FishCart prior to 3.1, where an integer overflow in the rnd arithmetic rounding function can be triggered by an order with a large quantity, enabling remote attackers to cause negative totals. Affected software: FishCart (versions before 3.1). Root cause: integer ...

7.5CVSS7.3AI score0.01317EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder