71 matches found
EUVD-2026-20463
A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allows an API consumer to access information for all other events under the same organizer, even those th...
GHSA-WR8Q-C73G-M7GP pretix: API leaks check-in data between events of the same organizer
A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allows an API consumer to access information for all other events under the same organizer, even those th...
PYSEC-2026-111
A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allows an API consumer to access information for all other events under the same organizer, even those th...
CVE-2026-5600
A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allows an API consumer to access information for all other events under the same organizer, even those th...
Improper Isolation or Compartmentalization
Overview: pretix is "Reinventing presales, one ticket at a time". Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the check-in events endpoint. An attacker can access sensitive information related to all check-in events under the same organizer,...
CVE-2026-5600
CVE-2026-5600 involves a new API endpoint in pretix (2025 release) that should return check-in events for a specific event but instead exposes all check-in events under the organizer. The affected component is the API handling check-in data; the root cause is an endpoint mis-scoping that leaks re...
PT-2026-31303
Name of the Vulnerable Software and Affected Versions: pretix version 2025. Description: A new API endpoint in pretix 2025 incorrectly returns all check-in events belonging to the organizer instead of the specific event. This allows an API consumer to access information for all events under the same...
CVE-2026-4617
A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is the function ValidateToken of the file /php/apipatientcheckin.php of the component Patient Check-In Module. Executing a manipulation can lead to improper authorization. It i...
EUVD-2026-14674
A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is the function ValidateToken of the file /php/apipatientcheckin.php of the component Patient Check-In Module. Executing a manipulation can lead to improper authorization. It i...
PT-2026-27284
Name of the Vulnerable Software and Affected Versions: SourceCodester Patients Waiting Area Queue Management System version 1.0. Description: A flaw exists in the Patient Check-In Module of the software, specifically within the ValidateToken function located in the /php/apipatientcheckin.php file...
CVE-2026-3496 JetBooking <= 4.0.3 - Unauthenticated SQL Injection via 'check_in_date' Parameter
The JetBooking plugin for WordPress is vulnerable to SQL Injection via the 'check_in_date' parameter in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
CVE-2026-3496
CVE-2026-3496 – JetBooking for WordPress is an unauthenticated SQL Injection in the check_in_date parameter affecting all versions up to 4.0.3. The root cause is insufficient escaping of user input and lack of proper SQL query preparation, enabling attackers to append additional SQL to queries an...
CVE-2026-26068
emp3r0r is a stealth-focused C2 designed by Linux users for Linux environments. Prior to 3.21.1, untrusted agent metadata (Transport, Hostname) is accepted during check-in and later interpolated into tmux shell command strings executed via /bin/sh -c. This enables command injection and remote code...
PT-2026-7913
Name of the Vulnerable Software and Affected Versions: emp3r0r versions prior to 3.21.1. Description: emp3r0r is a command and control (C2) tool designed for Linux environments. Versions prior to 3.21.1 accept untrusted agent metadata, specifically Transport and Hostname, during the check-in process...