Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
CWE
:
Sorry. No results for Bugtraq WLB2
CVEMAP Search Results
CVE
Details
Description
2024-06-06
CVE-2024-5132
Updating...
In lunary-ai/lunary version 1.2.2, a business logic error allows users to bypass the intended limitations on team member invitations and additions, regardless of their subscription plan. The vulnerability arises due to the lack of validation against the predefined member limits in the SEAT_ALLOWANCE constants during the invitation and joining processes. This issue enables users on any plan, including the free plan, to invite and add more members to a team than allowed, effectively circumventing the system's subscription model. The flaw is located in the backend's handling of user invitations and additions, specifically in the /api/v1/auth/index.ts and /api/v1/users.ts endpoints, where the system fails to check the current number of team members against the allowed limits before proceeding with the invitation and addition operations.
2024-04-16
CVE-2024-1456
Updating...
An S3 bucket takeover vulnerability was identified in the h2oai/h2o-3 repository. The issue involves the S3 bucket 'http://s3.amazonaws.com/h2o-training', which was found to be vulnerable to unauthorized takeover.
2024-03-07
CVE-2024-2267
Updating...
A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0 and classified as problematic. This issue affects some unknown processing of the file /shop.php. The manipulation of the argument product_price leads to business logic errors. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256037 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
2024-03-04
CVE-2024-2151
Updating...
A vulnerability classified as problematic was found in SourceCodester Online Mobile Management Store 1.0. Affected by this vulnerability is an unknown functionality of the component Product Price Handler. The manipulation of the argument quantity with the input -1 leads to business logic errors. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255583.
2023-12-15
CVE-2023-6832
Updating...
Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.
2023-08-11
CVE-2023-4304
Updating...
Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.
2023-06-15
CVE-2023-29294
Updating...
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass a minor functionality. Exploitation of this issue does not require user interaction.
2023-06-14
CVE-2023-3228
Updating...
Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0.
CVE-2023-3229
Updating...
Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0.
2023-04-05
CVE-2023-1887
Updating...
Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
Copyright
2024
, cxsecurity.com
Back to Top
