Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

NVD
NVDadded 4 hours ago6 views

CVE-2026-57960

Hi.Events through 1.9.0 public check-in list endpoints use shortid as sole access control, allowing unauthenticated access to retrieve full attendee lists including emails and personal information. Attackers with knowledge of the shortid can call GET /api/public/check-in-lists/shortid/attendees t...

8.3CVSS
Exploits0References3
CVE
CVEadded 4 hours ago7 views

CVE-2026-57960

Hi.Events

8.3CVSS5.8AI score
Exploits0References3
EUVD
EUVDadded 4 hours ago4 views

EUVD-2026-40145

Hi.Events through 1.9.0 public check-in list endpoints use shortid as sole access control, allowing unauthenticated access to retrieve full attendee lists including emails and personal information. Attackers with knowledge of the shortid can call GET /api/public/check-in-lists/shortid/attendees t...

8.3CVSS5.8AI score
Exploits0References3
RedhatCVE
RedhatCVEadded 2025/11/28 8:8 p.m.10 views

CVE-2025-13742

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. If the name of the attendee contained HTML or Markdown formatting, this was rendered as HTML i...

6.1CVSS6AI score0.00155EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/03/09 2:37 a.m.5 views

CVE-2024-13526

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the exportsubmittionattendees function in all versions up to, and including, 4.0.7.3. This makes it possible for authenticated attackers,...

4.3CVSS6.5AI score0.00272EPSS
Exploits0References1
NVD
NVDadded 2025/03/07 2:15 a.m.10 views

CVE-2024-13526

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the exportsubmittionattendees function in all versions up to, and including, 4.0.7.3. This makes it possible for authenticated attackers,...

4.3CVSS0.00272EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/03/07 1:44 a.m.5 views

CVE-2024-13526 EventPrime – Events Calendar, Bookings and Tickets <= 4.0.7.3 - Missing Authorization to Authenticated (Subscriber+) Event Attendees Export

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the exportsubmittionattendees function in all versions up to, and including, 4.0.7.3. This makes it possible for authenticated attackers,...

4.3CVSS6.7AI score0.00272EPSS
Exploits0References2
NVD
NVDadded 2024/07/17 7:15 a.m.24 views

CVE-2024-6033

The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized data importation due to a missing capability check on the 'importfile' function in all versions up to, and including, 4.0.4. This makes it possible for authenticated attackers,...

4.3CVSS0.00362EPSS
Exploits0References3
Rows per page
Query Builder