151 matches found

NVD
added 2 days ago, 4 views

CVE-2026-13603

The payment integration pretix-oppwa provides support for the payment providers VR Payment, Hobex, and potentially others based on Oppwa's technology. The integration of Oppwa, following their official documentation, includes a step where the user is redirected from the payment provider back to o...

CVSS 10, EPSS 0.00253
Exploits: 0, References: 1

CVE
added 2 days ago, 8 views

CVE-2026-13603

CVE-2026-13603 affects the pretix-oppwa payment integration. The vulnerability arises from insecure handling of Oppwa’s API URL: the code concatenated resourcePath from the return URL to baseUrl without validation and without a trailing slash, enabling an attacker to redirect the API call to a di...

CVSS 10, AI score 5.8, EPSS 0.00253
Exploits: 0, References: 1

ATTACKERKB
added 2 days ago, 4 views

CVE-2026-13603

The payment integration pretix-oppwa provides support for the payment providers VR Payment, Hobex, and potentially others based on Oppwa's technology. The integration of Oppwa, following their official documentation, includes a step where the user is redirected from the payment provider back to o...

CVSS 10, AI score 5.8, EPSS 0.00253
Exploits: 0, References: 2

NVD
added 2026/06/25 3:16 p.m., 10 views

CVE-2026-57534

Malicious HTML content could be injected into the content of a page in the pretix-pages plugin...

CVSS 2.1, EPSS 0.0033
Exploits: 0, References: 1

NVD
added 2026/06/25 3:16 p.m., 10 views

CVE-2026-13314

Malicious HTML content could be injected into the content rendered by the pretix-digital plugin...

CVSS 2, EPSS 0.0033
Exploits: 0, References: 1

EUVD
added 2026/06/25 2:11 p.m., 5 views

EUVD-2026-39416

Malicious HTML content could be injected into the content of a page in the pretix-pages plugin...

CVSS 2.1, AI score 5.8, EPSS 0.0033
Exploits: 0, References: 1

Cvelist
added 2026/06/25 2:11 p.m., 29 views

CVE-2026-57534 Stored XSS in pretix-pages

Malicious HTML content could be injected into the content of a page in the pretix-pages plugin...

CVSS 2.1, EPSS 0.0033
Exploits: 0, References: 1

CVE
added 2026/06/25 2:11 p.m., 12 views

CVE-2026-57534

Summary: CVE-2026-57534 affects the pretix-pages plugin, where malicious HTML content can be injected into a page’s content, causing a stored XSS condition. The root cause is described as unsafe handling of page content within the plugin; exploitation details are not provided beyond the stored-XS...

CVSS 2.1, AI score 5.8, EPSS 0.0033
Exploits: 0, References: 1

CVE
added 2026/06/25 2:8 p.m., 9 views

CVE-2026-57536

CVE-2026-57536 affects the pretix-mollie payment integration, where payment status responses are not properly validated. An attacker could reuse a successful payment status from one payment and apply it to a different payment, potentially gaining access to multiple valid tickets with a single pay...

CVSS 6.3, AI score 5.9, EPSS 0.00257
Exploits: 0, References: 1

Cvelist
added 2026/06/25 2:7 p.m., 28 views

CVE-2026-13222 Insufficient validation of payment status in pretix-oppwa

Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

CVSS 6.3, EPSS 0.00257
Exploits: 0, References: 1

Cvelist
added 2026/06/25 2:3 p.m., 28 views

CVE-2026-13223 Insufficient validation of payment status in pretix-computop

Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

CVSS 6.3, EPSS 0.00257
Exploits: 0, References: 1

CVE
added 2026/06/25 2:3 p.m., 8 views

CVE-2026-13223

Affected component: pretix with Computop-based payment methods. Root cause: insufficient validation of payment status responses. Impact: an attacker could reuse a successful status for one payment to complete a different payment, gaining access to multiple valid tickets from a single payment. Thi...

CVSS 6.3, AI score 5.9, EPSS 0.00257
Exploits: 0, References: 1

EUVD
added 2026/06/25 1:53 p.m., 4 views

EUVD-2026-39412

Malicious HTML content could be injected into the content rendered by the pretix-digital plugin...

CVSS 2, AI score 5.8, EPSS 0.0033
Exploits: 0, References: 1

Cvelist
added 2026/06/25 1:53 p.m., 28 views

CVE-2026-13314 Stored XSS in pretix-digital

Malicious HTML content could be injected into the content rendered by the pretix-digital plugin...

CVSS 2, EPSS 0.0033
Exploits: 0, References: 1

CVE
added 2026/06/25 1:53 p.m., 9 views

CVE-2026-13314

Summary (CVE-2026-13314): The issue is a Stored XSS in the pretix-digital plugin. Malicious HTML content can be injected into content rendered by the plugin, enabling an attacker to influence client-side content in the affected flow. Connected records (NVD and CVE list) concur on the same descri...

CVSS 2, AI score 5.8, EPSS 0.0033
Exploits: 0, References: 1

CNNVD
added 2026/06/09 12:0 a.m., 16 views

pretix security vulnerability

Pretix is a ticketing system developed by the German company Pretix. Pretix has a security vulnerability. This vulnerability stems from including the secrets of connected gift cards during the creation of all reusable media exports. As a result, it is possible for users who create these exports t...

CVSS 6.9, AI score 5.4, EPSS 0.00229
Exploits: 0, References: 2

RedhatCVE
added 2026/05/28 8:13 p.m., 8 views

CVE-2026-9712

When creating an export through the pretix API, API clients are returned a UUID value for their export job, a long, random string like 35742818-c375-4d15-839f-d49aecce94d6. Using this UUID, the API client can then request the actual file for download. The same kind of UUID is used in other places...

CVSS 7, AI score 5.8, EPSS 0.00219
Exploits: 0, References: 1

CVE
added 2026/05/27 2:35 p.m., 23 views

CVE-2026-9712

CVE-2026-9712 concerns the pretix API where exporting creates a UUID for the export job and later a download request uses that UUID. The root cause is that one API endpoint did not verify that the download UUID actually corresponds to a file that is downloadable and belongs to the correct user. T...

CVSS 7, AI score 5.8, EPSS 0.00219
Exploits: 0, References: 1

Vulnrichment
added 2026/05/27 2:35 p.m., 7 views

CVE-2026-9712 Insecure direct object reference

When creating an export through the pretix API, API clients are returned a UUID value for their export job, a long, random string like 35742818-c375-4d15-839f-d49aecce94d6. Using this UUID, the API client can then request the actual file for download. The same kind of UUID is used in other places...

CVSS 7, AI score 5.8, EPSS 0.00219
Exploits: 0, References: 1

Cvelist
added 2026/05/27 2:35 p.m., 38 views

CVE-2026-9712 Insecure direct object reference

When creating an export through the pretix API, API clients are returned a UUID value for their export job, a long, random string like 35742818-c375-4d15-839f-d49aecce94d6. Using this UUID, the API client can then request the actual file for download. The same kind of UUID is used in other places...

CVSS 7, EPSS 0.00219
Exploits: 0, References: 1