Lucene search
K

55 matches found

NVD
NVD
added 2026/06/25 3:16 p.m.7 views

CVE-2026-57536

Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment...

6.3CVSS0.00257EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 3:16 p.m.6 views

CVE-2026-13223

Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

6.3CVSS0.00257EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 3:16 p.m.8 views

CVE-2026-13222

Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

6.3CVSS0.00257EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 2:8 p.m.30 views

CVE-2026-57536 Insufficient validation of payment status in pretix-mollie

Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment...

6.3CVSS0.00257EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 2:8 p.m.11 views

CVE-2026-57536

CVE-2026-57536 affects the pretix-mollie payment integration, where payment status responses are not properly validated. An attacker could reuse a successful payment status from one payment and apply it to a different payment, potentially gaining access to multiple valid tickets with a single pay...

6.3CVSS5.9AI score0.00257EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 2:7 p.m.4 views

EUVD-2026-39414

Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

6.3CVSS5.9AI score0.00257EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 2:3 p.m.28 views

CVE-2026-13223 Insufficient validation of payment status in pretix-computop

Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

6.3CVSS0.00257EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 9:31 a.m.4 views

EUVD-2026-20127

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 6.3.7. This is due to the wpasgetticketrepliesajax function failing to verify whether the authenticated user has permission to view th...

5.3CVSS5.9AI score0.00327EPSS
Exploits0References7
NVD
NVD
added 2026/04/08 8:16 a.m.6 views

CVE-2026-4654

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 6.3.7. This is due to the wpasgetticketrepliesajax function failing to verify whether the authenticated user has permission to view th...

5.3CVSS0.00327EPSS
Exploits0References6
CVE
CVE
added 2026/04/08 7:43 a.m.13 views

CVE-2026-4654

The Awesome Support – WordPress HelpDesk & Support Plugin for WordPress is affected by an Insecure Direct Object Reference in versions up to and including 6.3.7. The vulnerability stems from wpas_get_ticket_replies_ajax() not verifying that the authenticated user has permission to view the reques...

5.3CVSS5.9AI score0.00327EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/08 7:43 a.m.4 views

CVE-2026-4654

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 6.3.7. This is due to the wpasgetticketrepliesajax function failing to verify whether the authenticated user has permission to view th...

5.3CVSS5.9AI score0.00327EPSS
Exploits0References7
EUVD
EUVD
added 2025/11/21 3:31 p.m.4 views

EUVD-2025-198487

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.2.9 via the 'ehcrmticketsingleviewclient' due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS5.1AI score0.00252EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/16 7:59 a.m.4 views

CVE-2025-41020 Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito

Insecure direct object reference IDOR vulnerability in Sergestec's Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers through the 'id' parameter in '/admin/ticketa4.php'...

7.1CVSS6.5AI score0.00313EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-12602

Malware in sbrugna...

4.3CVSS4.8AI score0.00946EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-18743

Malware in sbrugna...

5.5CVSS5.6AI score0.00474EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2006-4381

Malware in sbrugna...

3.7CVSS6.4AI score0.00302EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-6366

Malware in sbrugna...

5.5CVSS5.5AI score0.00562EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/03 8:35 p.m.4 views

CVE-2025-10696 OpenSupports 4.11.0 — Insecure Direct Object Reference in supervised list

OpenSupports exposes an endpoint that allows the list of 'supervised users' for any account to be edited, but it does not validate whether the actor is the owner of that list. A Level 1 staff member can modify the supervision relationship of a third party the target user, who can then view the...

7.1CVSS6.4AI score0.00203EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-52176

Malicious code in bioql PyPI...

4.3CVSS6.5AI score0.00432EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-21247

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.0027EPSS
Exploits0References1
Rows per page
Query Builder