Lucene search
+L

6 matches found

NVD
NVD
added 2026/06/29 6:16 p.m.19 views

CVE-2026-57960

Hi.Events through 1.9.0 public check-in list endpoints use shortid as sole access control, allowing unauthenticated access to retrieve full attendee lists including emails and personal information. Attackers with knowledge of the shortid can call GET /api/public/check-in-lists/shortid/attendees t...

8.3CVSS0.00339EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/29 5:24 p.m.8 views

CVE-2026-57960 Hi.Events 1.9.0 - Unauthenticated Attendee PII Exposure via Check-in List short_id

Hi.Events through 1.9.0 public check-in list endpoints use shortid as sole access control, allowing unauthenticated access to retrieve full attendee lists including emails and personal information. Attackers with knowledge of the shortid can call GET /api/public/check-in-lists/shortid/attendees t...

8.3CVSS5.8AI score0.00339EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/29 5:24 p.m.8 views

EUVD-2026-40145

Hi.Events through 1.9.0 public check-in list endpoints use shortid as sole access control, allowing unauthenticated access to retrieve full attendee lists including emails and personal information. Attackers with knowledge of the shortid can call GET /api/public/check-in-lists/shortid/attendees t...

8.3CVSS5.8AI score0.00339EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/29 5:24 p.m.37 views

CVE-2026-57960 Hi.Events 1.9.0 - Unauthenticated Attendee PII Exposure via Check-in List short_id

Hi.Events through 1.9.0 public check-in list endpoints use shortid as sole access control, allowing unauthenticated access to retrieve full attendee lists including emails and personal information. Attackers with knowledge of the shortid can call GET /api/public/check-in-lists/shortid/attendees t...

8.3CVSS0.00339EPSS
Exploits0References3
CVE
CVE
added 2026/06/29 5:24 p.m.32 views

CVE-2026-57960

Hi.Events

8.3CVSS5.8AI score0.00339EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.9 views

pearweb SQL注入漏洞

PearWeb is a PHP extension and application repository developed by PEAR. Versions of PearWeb prior to 1.33.0 contained a SQL injection vulnerability. This vulnerability stemmed from unsafe literal substitutions in cause-and-effect queries involving IN lists, posing a risk of SQL injection...

9.8CVSS5.9AI score0.00266EPSS
Exploits0References2
Rows per page
Query Builder