CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

335 matches found

CVE-2025-48570

In multiple functions of PipTaskOrganizer.java, there is a possible way to launch an activity from the background due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00003EPSS

Exploits0References1

Cvelist•added 3 days ago•23 views

CVE-2025-48570

0.00003EPSS

Exploits0References1

OSV•added 2026/04/23 7:17 p.m.•5 views

PYSEC-2026-108

pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields which includes an...

5.4CVSS5.9AI score0.00044EPSS

Exploits0References1

Snyk•added 2026/04/18 1:11 a.m.•1 views

Cross-site Scripting (XSS)

Overview pretalx is a Conference organisation: CfPs, scheduling, much more Affected versions of this package are vulnerable to Cross-site Scripting XSS in the organizer search. An attacker can execute arbitrary JavaScript code in the context of an organizer's browser by injecting malicious payloa...

8.7CVSS5.8AI score0.00044EPSS

Exploits0References2

Fedora•added 2026/04/13 9:7 p.m.•3 views

[SECURITY] Fedora 44 Update: shotwell-33~alpha-9.fc44

Shotwell is an easy-to-use, fast photo organizer designed for the GNOME desktop. It allows you to import photos from your camera or disk, organize them by date and subject matter, even ratings. It also offers basic photo editing, like crop, red-eye correction, color adjustments, and straighten...

9.8CVSS5.8AI score0.00078EPSS

Exploits3

Fedora•added 2026/04/13 9:7 p.m.•2 views

[SECURITY] Fedora 44 Update: gthumb-3.12.10-7.fc44

gthumb is an application for viewing, editing, and organizing collections of images...

9.8CVSS5.8AI score0.00078EPSS

Exploits3

Positive Technologies•added 2026/04/10 12:0 a.m.•1 views

PT-2026-31952

Name of the Vulnerable Software and Affected Versions Vikunja versions prior to 2.3.0 Description Vikunja, a self-hosted task management platform, has an issue where the CalDAV output generator doesn't properly escape characters in iCalendar VTODO entries. Specifically, user-controlled task title...

4.1CVSS5.9AI score0.00032EPSS

Exploits1References8

OSV•added 2026/04/08 3:31 p.m.•0 views

GHSA-WR8Q-C73G-M7GP pretix: API leaks check-in data between events of the same organizer

A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allows an API consumer to access information for all other events under the same organizer, even those th...

5.5CVSS5.9AI score0.00011EPSS

Exploits0References3

EUVD•added 2026/04/08 3:31 p.m.•1 views

EUVD-2026-20463

5.5CVSS5.9AI score0.00011EPSS

Exploits0References2

Github Security Blog•added 2026/04/08 3:31 p.m.•1 views

pretix: API leaks check-in data between events of the same organizer

5.5CVSS5.9AI score0.00011EPSS

Exploits0References3Affected Software1

PyPA•added 2026/04/08 1:16 p.m.•3 views

PYSEC-2026-111

5.5CVSS5.8AI score0.00011EPSS

Exploits0References1Affected Software1

NVD•added 2026/04/08 1:16 p.m.•1 views

CVE-2026-5600

5.5CVSS0.00011EPSS

Exploits0References1

OSV•added 2026/04/08 1:16 p.m.•2 views

PYSEC-2026-111

4.3CVSS5.8AI score0.00011EPSS

Exploits0References1

Snyk•added 2026/04/08 1:10 p.m.•2 views

Improper Isolation or Compartmentalization

Overview pretix is a Reinventing presales, one ticket at a time Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the check-in events endpoint. An attacker can access sensitive information related to all check-in events under the same organizer,...

8CVSS5.8AI score0.00011EPSS

Exploits0References2

Cvelist•added 2026/04/08 12:24 p.m.•16 views

CVE-2026-5600

5.5CVSS0.00011EPSS

Exploits0References1

ATTACKERKB•added 2026/04/08 12:24 p.m.•1 views

CVE-2026-5600

5.5CVSS5.9AI score0.00011EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/04/08 12:24 p.m.•0 views

CVE-2026-5600

5.5CVSS5.9AI score0.00011EPSS

Exploits0References1

CVE•added 2026/04/08 12:24 p.m.•5 views

CVE-2026-5600

CVE-2026-5600 involves a new API endpoint in pretix (2025 release) that should return check-in events for a specific event but instead exposes all check-in events under the organizer. The affected component is the API handling check-in data; the root cause is an endpoint mis-scoping that leaks re...

5.5CVSS5.9AI score0.00011EPSS

Exploits0References1Affected Software1

CNNVD•added 2026/04/08 12:0 a.m.•3 views

pretix 安全漏洞

Pretix is a ticketing system developed by the German company Pretix. The pretix 2025 version contains a security vulnerability. This vulnerability stems from the API endpoint returning information about all organizers’ sign-in events. As a result, API users may access event information that shoul...

5.5CVSS5.8AI score0.00011EPSS

Exploits0References1

Positive Technologies•added 2026/04/08 12:0 a.m.•1 views

PT-2026-31303

Name of the Vulnerable Software and Affected Versions pretix version 2025 Description A new API endpoint in pretix 2025 incorrectly returns all check-in events belonging to the organizer instead of the specific event. This allows an API consumer to access information for all events under the same...

5.5CVSS5.8AI score0.00011EPSS

Exploits0References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by