Lucene search
K

78 matches found

NVD
NVD
added 4 days ago12 views

CVE-2026-57960

Hi.Events through 1.9.0 public check-in list endpoints use shortid as sole access control, allowing unauthenticated access to retrieve full attendee lists including emails and personal information. Attackers with knowledge of the shortid can call GET /api/public/check-in-lists/shortid/attendees t...

8.3CVSS0.00339EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago4 views

EUVD-2026-40145

Hi.Events through 1.9.0 public check-in list endpoints use shortid as sole access control, allowing unauthenticated access to retrieve full attendee lists including emails and personal information. Attackers with knowledge of the shortid can call GET /api/public/check-in-lists/shortid/attendees t...

8.3CVSS5.8AI score0.00339EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 4 days ago4 views

CVE-2026-57960 Hi.Events 1.9.0 - Unauthenticated Attendee PII Exposure via Check-in List short_id

Hi.Events through 1.9.0 public check-in list endpoints use shortid as sole access control, allowing unauthenticated access to retrieve full attendee lists including emails and personal information. Attackers with knowledge of the shortid can call GET /api/public/check-in-lists/shortid/attendees t...

8.3CVSS5.8AI score0.00339EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-57960 Hi.Events 1.9.0 - Unauthenticated Attendee PII Exposure via Check-in List short_id

Hi.Events through 1.9.0 public check-in list endpoints use shortid as sole access control, allowing unauthenticated access to retrieve full attendee lists including emails and personal information. Attackers with knowledge of the shortid can call GET /api/public/check-in-lists/shortid/attendees t...

8.3CVSS0.00339EPSS
Exploits0References3
CVE
CVE
added 4 days ago10 views

CVE-2026-57960

Hi.Events

8.3CVSS5.8AI score0.00339EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.11 views

CVE-2026-5600

A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allows an API consumer to access information for all other events under the same organizer, even those th...

5.5CVSS5.5AI score0.00255EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 3:31 p.m.4 views

EUVD-2026-20463

A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allows an API consumer to access information for all other events under the same organizer, even those th...

5.5CVSS5.9AI score0.00255EPSS
Exploits0References2
OSV
OSV
added 2026/04/08 3:31 p.m.4 views

GHSA-WR8Q-C73G-M7GP pretix: API leaks check-in data between events of the same organizer

A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allows an API consumer to access information for all other events under the same organizer, even those th...

5.5CVSS5.9AI score0.00255EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/08 3:31 p.m.4 views

pretix: API leaks check-in data between events of the same organizer

A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allows an API consumer to access information for all other events under the same organizer, even those th...

5.5CVSS5.9AI score0.00255EPSS
Exploits0References4Affected Software1
PyPA
PyPA
added 2026/04/08 1:16 p.m.7 views

PYSEC-2026-111

A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allows an API consumer to access information for all other events under the same organizer, even those th...

5.5CVSS5.8AI score0.00255EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/04/08 1:16 p.m.4 views

CVE-2026-5600

A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allows an API consumer to access information for all other events under the same organizer, even those th...

5.5CVSS0.00255EPSS
Exploits0References1
OSV
OSV
added 2026/04/08 1:16 p.m.5 views

PYSEC-2026-111

A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allows an API consumer to access information for all other events under the same organizer, even those th...

4.3CVSS5.8AI score0.00255EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/08 1:10 p.m.5 views

Improper Isolation or Compartmentalization

Overview pretix is a Reinventing presales, one ticket at a time Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the check-in events endpoint. An attacker can access sensitive information related to all check-in events under the same organizer,...

8CVSS5.8AI score0.00255EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/08 12:24 p.m.1 views

CVE-2026-5600

A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allows an API consumer to access information for all other events under the same organizer, even those th...

5.5CVSS5.9AI score0.00255EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 12:24 p.m.19 views

CVE-2026-5600

A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allows an API consumer to access information for all other events under the same organizer, even those th...

5.5CVSS0.00255EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/08 12:24 p.m.2 views

CVE-2026-5600

A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allows an API consumer to access information for all other events under the same organizer, even those th...

5.5CVSS5.9AI score0.00255EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/04/08 12:24 p.m.11 views

CVE-2026-5600

CVE-2026-5600 involves a new API endpoint in pretix (2025 release) that should return check-in events for a specific event but instead exposes all check-in events under the organizer. The affected component is the API handling check-in data; the root cause is an endpoint mis-scoping that leaks re...

5.5CVSS5.9AI score0.00255EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.5 views

PT-2026-31303

Name of the Vulnerable Software and Affected Versions pretix version 2025 Description A new API endpoint in pretix 2025 incorrectly returns all check-in events belonging to the organizer instead of the specific event. This allows an API consumer to access information for all events under the same...

5.5CVSS5.8AI score0.00255EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.3 views

CVE-2026-4617

A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is the function ValidateToken of the file /php/apipatientcheckin.php of the component Patient Check-In Module. Executing a manipulation can lead to improper authorization. It i...

7.5CVSS6.7AI score0.00348EPSS
Exploits0References1
NVD
NVD
added 2026/03/24 1:17 a.m.6 views

CVE-2026-4617

A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is the function ValidateToken of the file /php/apipatientcheckin.php of the component Patient Check-In Module. Executing a manipulation can lead to improper authorization. It i...

7.5CVSS0.00348EPSS
Exploits0References5
Rows per page
Query Builder