2 matches found
CVE-2026-60118
CVE-2026-60118 affects Hi.Events up to v1.10.0-beta, where a missing server-side visibility enforcement lets unauthenticated attackers purchase hidden tickets by referencing hidden product and price IDs in order creation requests without authorization checks. Attackers can enumerate sequential hi...
CVE-2026-60118 Hi.Events < 1.11.0 Hidden Ticket Enumeration via Order Creation Endpoint
Hi.Events before 1.11.0 contains a missing server-side visibility enforcement vulnerability that allows unauthenticated attackers to purchase hidden tickets by referencing hidden product and price IDs in order creation requests without authorization checks. Attackers can enumerate sequential hidd...