{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2110", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-06T14:25:50.481Z", "datePublished": "2026-02-07T20:02:07.510Z", "dateUpdated": "2026-02-23T09:34:21.859Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T09:34:21.859Z"}, "title": "Tasin1025 SwiftBuy login.php excessive authentication", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-307", "lang": "en", "description": "Improper Restriction of Excessive Authentication Attempts"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-799", "lang": "en", "description": "Improper Control of Interaction Frequency"}]}], "affected": [{"vendor": "Tasin1025", "product": "SwiftBuy", "versions": [{"version": "0f5011372e8d1d7edfd642d57d721c9fadc54ec7", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in Tasin1025 SwiftBuy up to 0f5011372e8d1d7edfd642d57d721c9fadc54ec7. Affected by this vulnerability is an unknown functionality of the file /login.php. Performing a manipulation results in improper restriction of excessive authentication attempts. Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitation appears to be difficult. The exploit has been released to the public and may be used for attacks. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.7, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.7, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-02-06T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-06T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-08T00:50:05.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "MaloyRoyOrko (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.344686", "name": "VDB-344686 | Tasin1025 SwiftBuy login.php excessive authentication", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.344686", "name": "VDB-344686 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.746251", "name": "Submit #746251 | Md Tasin Rahman Swiftbuy 1.0 Improper Restriction of Excessive Authentication Attempts", "tags": ["third-party-advisory"]}, {"url": "https://www.websecurityinsights.my.id/2026/01/swiftbuy-v-10-loginphp-no-limit-to.html", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-10T16:10:15.939457Z", "id": "CVE-2026-2110", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T16:10:30.720Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2110", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-10T16:10:15.939457Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T16:10:21.918Z"}}], "cna": {"title": "Tasin1025 SwiftBuy login.php excessive authentication", "credits": [{"lang": "en", "type": "reporter", "value": "MaloyRoyOrko (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "Tasin1025", "product": "SwiftBuy", "versions": [{"status": "affected", "version": "0f5011372e8d1d7edfd642d57d721c9fadc54ec7"}]}], "timeline": [{"lang": "en", "time": "2026-02-06T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-02-06T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-08T00:50:05.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.344686", "name": "VDB-344686 | Tasin1025 SwiftBuy login.php excessive authentication", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.344686", "name": "VDB-344686 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.746251", "name": "Submit #746251 | Md Tasin Rahman Swiftbuy 1.0 Improper Restriction of Excessive Authentication Attempts", "tags": ["third-party-advisory"]}, {"url": "https://www.websecurityinsights.my.id/2026/01/swiftbuy-v-10-loginphp-no-limit-to.html", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in Tasin1025 SwiftBuy up to 0f5011372e8d1d7edfd642d57d721c9fadc54ec7. Affected by this vulnerability is an unknown functionality of the file /login.php. Performing a manipulation results in improper restriction of excessive authentication attempts. Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitation appears to be difficult. The exploit has been released to the public and may be used for attacks. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-307", "description": "Improper Restriction of Excessive Authentication Attempts"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-799", "description": "Improper Control of Interaction Frequency"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T09:34:21.859Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2110", "state": "PUBLISHED", "dateUpdated": "2026-02-23T09:34:21.859Z", "dateReserved": "2026-02-06T14:25:50.481Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-02-07T20:02:07.510Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:swiftbuy:swiftbuy:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "68C98236-16E8-4CE6-8195-97F503E2E40E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in Tasin1025 SwiftBuy up to 0f5011372e8d1d7edfd642d57d721c9fadc54ec7. Affected by this vulnerability is an unknown functionality of the file /login.php. Performing a manipulation results in improper restriction of excessive authentication attempts. Remote exploitation of the attack is possible. The attack's complexity is rated as high. The exploitation appears to be difficult. The exploit has been released to the public and may be used for attacks. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Una falla de seguridad ha sido descubierta en Tasin1025 SwiftBuy hasta 0f5011372e8d1d7edfd642d57d721c9fadc54ec7. Afectada por esta vulnerabilidad es una funcionalidad desconocida del archivo /login.PHP. Realizar una manipulaci\u00f3n resulta en una restricci\u00f3n inadecuada de intentos excesivos de autenticaci\u00f3n. La explotaci\u00f3n remota del ataque es posible. La complejidad del ataque se califica como alta. La explotaci\u00f3n parece ser dif\u00edcil. El exploit ha sido liberado al p\u00fablico y puede ser utilizado para ataques. Este producto sigue un enfoque de lanzamiento continuo para la entrega continua, por lo que no se proporcionan detalles de la versi\u00f3n para las versiones afectadas o actualizadas. El proveedor fue contactado con antelaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2026-2110", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.9, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-07T20:15:56.373", "references": [{"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.344686"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.344686"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.746251"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.websecurityinsights.my.id/2026/01/swiftbuy-v-10-loginphp-no-limit-to.html"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-307"}, {"lang": "en", "value": "CWE-799"}], "source": "cna@vuldb.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-307"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T13:20:29.803480+00:00", "value": {"mitigation_remediation": ["Apply rate\u2011limiting logic to the /login.php endpoint to restrict the number of authentication attempts per IP or account", "Restrict or firewall access to the /login.php endpoint by IP address or network segment and enforce strong password policies for all accounts", "Monitor authentication logs for repeated failed login attempts and automatically block offending IP addresses or enforce temporary account lockouts", "Stay informed of vendor updates and plan to upgrade to a patched version once it becomes available"], "summary": {"action": "Mitigate", "impact": "Authentication Brute\u2011Force / DoS"}, "threat_synthesis": {"affected_systems": "The affected product is Tasin1025 SwiftBuy version 1.0, as indicated by the CPE entry. Any publicly reachable instance of this application is susceptible unless mitigated by external controls.", "description_and_impact": "An improper restriction of excessive authentication attempts was found in the /login.php file of Tasin1025 SwiftBuy. Based on the description, it is inferred that the flaw allows an attacker to launch an unlimited number of login attempts from a remote source, potentially enabling credential brute\u2011force or denial\u2011of\u2011service attacks. Because the vulnerability is not limited by account lockout or rate limiting, repeated attempts can overwhelm the authentication process or enable account takeover if credentials are guessed.", "risk_and_exploitability": "The issue carries a CVSS score of 6.3, which places it in the medium severity range. The EPSS score is reported as less than 1%, indicating a low but non\u2011zero probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The attack is considered remote, the attack complexity is high, and exploitation is described as difficult. While the potential impact includes denial of service and possible account compromise, the likelihood of immediate exploitation remains low given the complexity and current lack of vendor response."}}}}, "created": "2026-02-09T10:44:15.308297+00:00", "updated": "2026-04-18T13:30:45.740320+00:00", "vendors": ["tasin1025", "tasin1025$PRODUCT$swiftbuy"]}