CWE-840: Business Logic Errors
53 active CVEs are classified under this weakness category, sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-840 (page 1 of 2)
- CVE-2018-25104 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-10-17
  A vulnerability was found in CoinGate Plugin up to 1.2.7 on PrestaShop. It has been rated as problematic. Affected by this issue is the function postProcess of the file modules/coingate/controllers/front/callback.php of the component Payme…
- CVE-2019-15608 | MEDIUM | CVSS 5.9 | EG 5.9 | 2020-03-15
  The package integrity validation in yarn < 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cache. It's not computed again when reading from the cache. This may lead to a cache pollution attack.
- CVE-2019-3787 | HIGH | CVSS 8.3 | EG 8.3 | 2019-06-19
  Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which le…
- CVE-2019-3789 | MEDIUM | CVSS 6.5 | 2019-04-24
  Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shad…
- CVE-2020-8181 | MEDIUM | CVSS 4.3 | EG 4.3 | 2020-07-10
  A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars.
- CVE-2020-8228 | MEDIUM | CVSS 5.3 | EG 5.3 | 2020-10-05
  A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times.
- CVE-2021-22897 | MEDIUM | CVSS 5.3 | EG 5.3 | 2021-06-11
  curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a singl…
- CVE-2021-22922 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-08-05
  When curl is instructed to download content using the metalink feature, the content is verified against a hash provided in the metalink XML file. The metalink XML file points out to the client how to get the same content from a set of differ…
- CVE-2021-22926 | HIGH | CVSS 7.5 | EG 7.5 | 2021-08-05
  libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool). When libcurl is built to use the macOS native TLS library S…
- CVE-2021-36012 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-09-01
  Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a business logic error in the placeOrder graphql mutation. An authenticated attacker can leverage this vulnerability to alter the…
- CVE-2021-4111 | MEDIUM | CVSS 4.3 | EG 7.3 | 2021-12-15
  yetiforcecrm is vulnerable to Business Logic Errors.
- CVE-2021-4117 | MEDIUM | CVSS 4.3 | EG 4.3 | 2021-12-15
  yetiforcecrm is vulnerable to Business Logic Errors.
- CVE-2021-4146 | MEDIUM | CVSS 4.3 | EG 4.3 | 2022-01-18
  Business Logic Errors in GitHub repository pimcore/pimcore prior to 10.2.6.
- CVE-2021-4171 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-01-17
  calibre-web is vulnerable to Business Logic Errors.
- CVE-2022-0514 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-03-21
  Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5.
- CVE-2022-0524 | HIGH | CVSS 7.5 | EG 7.5 | 2022-02-08
  Business Logic Errors in GitHub repository publify/publify prior to 9.2.7.
- CVE-2022-0688 | MEDIUM | CVSS 4.9 | EG 4.9 | 2022-02-20
  Business Logic Errors in Packagist microweber/microweber prior to 1.2.11.
- CVE-2022-0689 | MEDIUM | CVSS 5.3 | EG 5.3 | 2022-02-19
  A one-time coupon can be used multiple times in Packagist microweber/microweber prior to 1.2.11.
- CVE-2022-0746 | MEDIUM | CVSS 4.3 | EG 4.3 | 2022-02-25
  Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0.
- CVE-2022-0935 | HIGH | CVSS 8.8 | EG 8.8 | 2022-04-07
  Host header injection in password reset in GitHub repository livehelperchat/livehelperchat prior to 3.97.
- CVE-2022-1155 | HIGH | CVSS 7.4 | EG 7.4 | 2022-03-30
  Old sessions are not blocked by the login enable function in GitHub repository snipe/snipe-it prior to 5.3.10.
- CVE-2022-1848 | MEDIUM | CVSS 5.3 | EG 5.3 | 2022-05-24
  Business Logic Errors in GitHub repository erudika/para prior to 1.45.11.
- CVE-2022-27782 | HIGH | CVSS 7.5 | EG 7.5 | 2022-06-02
  libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if …
- CVE-2022-32207 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-07-07
  When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accident…
- CVE-2022-32208 | MEDIUM | CVSS 5.9 | EG 5.9 | 2022-07-07
  When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
- CVE-2022-3363 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-10-26
  Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.0a7.
- CVE-2022-4719 | CRITICAL | CVSS 9.8 | EG 9.8 | 2022-12-27
  Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.5.
- CVE-2023-0565 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-01-29
  Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.10.
- CVE-2023-1541 | LOW | CVSS 3.8 | EG 3.8 | 2023-03-21
  Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6.
- CVE-2023-1542 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-03-21
  Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6.
- CVE-2023-1887 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-04-05
  Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
- CVE-2023-29294 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-06-15
  Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage t…
- CVE-2023-3228 | MEDIUM | CVSS 5.7 | EG 5.4 | 2023-06-14
  Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0.
- CVE-2023-3229 | MEDIUM | CVSS 6.5 | EG 5.4 | 2023-06-14
  Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0.
- CVE-2023-4304 | LOW | CVSS 3.8 | EG 3.8 | 2023-08-11
  Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22, 2.1.0.
- CVE-2023-6017 | HIGH | CVSS 7.1 | EG 8.7 | 2023-11-16
  H2O included a reference to an S3 bucket that no longer existed, allowing an attacker to take over the S3 bucket URL.
- CVE-2023-6514 | HIGH | CVSS 8.8 | EG 8.8 | 2023-12-06
  The Bluetooth module of some Huawei Smart Screen products has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted functions. Successful exploitation of…
- CVE-2023-6566 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-12-07
  Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.
- CVE-2023-6832 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-12-15
  Business Logic Errors in GitHub repository microweber/microweber prior to 2.0.
- CVE-2023-7271 | MEDIUM | CVSS 5.5 | EG 5.5 | 2024-07-25
  Privilege escalation vulnerability in the NMS module. Impact: Successful exploitation of this vulnerability will affect availability.
- CVE-2024-1456 | HIGH | CVSS 7.1 | EG 7.1 | 2024-04-16
  An S3 bucket takeover vulnerability was identified in the h2oai/h2o-3 repository. The issue involves the S3 bucket 'http://s3.amazonaws.com/h2o-training', which was found to be vulnerable to unauthorized takeover.
- CVE-2024-1682 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-11-14
  An unclaimed Amazon S3 bucket, 'codeconf', is referenced in an audio file link within the .rst documentation file. This bucket has been claimed by an external party. The use of this unclaimed S3 bucket could lead to data integrity issues, …
- CVE-2024-2151 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-03-04
  A vulnerability classified as problematic was found in SourceCodester Online Mobile Management Store 1.0. Affected by this vulnerability is an unknown functionality of the component Product Price Handler. The manipulation of the argument q…
- CVE-2024-2267 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-03-07
  A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0 and classified as problematic. This issue affects some unknown processing of the file /shop.php. The manipulation of the argument product_price leads to business logic e…
- CVE-2024-32999 | MEDIUM | CVSS 6.8 | EG 6.8 | 2024-05-14
  Cracking vulnerability in the OS security module. Impact: Successful exploitation of this vulnerability will affect availability.
- CVE-2024-39671 | CRITICAL | CVSS 9.3 | EG 9.3 | 2024-07-25
  Access control vulnerability in the security verification module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2024-4046 | MEDIUM | CVSS 6.4 | EG 6.4 | 2024-05-14
  Cracking vulnerability in the OS security module. Impact: Successful exploitation of this vulnerability will affect availability.
- CVE-2024-42034 | MEDIUM | CVSS 6.6 | EG 6.6 | 2024-08-08
  LaunchAnywhere vulnerability in the account module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2024-51523 | HIGH | CVSS 7.1 | EG 7.1 | 2024-11-05
  Information management vulnerability in the Gallery module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
- CVE-2024-54098 | HIGH | CVSS 8.5 | EG 8.5 | 2024-12-12
  Service logic error vulnerability in the system service module. Impact: Successful exploitation of this vulnerability may affect service integrity.