Lucene search
K

157 matches found

OSV
OSV
added 6 days ago12 views

PYSEC-2026-1802 pretix has Broken Access Control Allowing Cross-User File Access via UUID

An API endpoint allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only...

7CVSS5.9AI score0.00226EPSS
Exploits0References6
OSV
OSV
added 6 days ago8 views

PYSEC-2026-1803 pretix has Broken Access Control Allowing Cross-User File Access via UUID

Multiple API endpoints allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only...

7CVSS5.9AI score0.00226EPSS
Exploits0References6
OSV
OSV
added 6 days ago3 views

PYSEC-2026-1801 pretix allows Pillow to parse EPS files

pretix before 2023.7.2 allows Pillow to parse EPS files...

7.8CVSS7.1AI score0.003EPSS
Exploits0References9
Snyk
Snyk
added 2026/07/01 3:34 p.m.5 views

Improper Input Validation

Overview pretix is a Reinventing presales, one ticket at a time Affected versions of this package are vulnerable to Improper Input Validation via improper validation of session parameters in the payment integration plugins and the use of shared cryptographic keys and salts across unrelated...

9.9CVSS6AI score0.00239EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 2:16 p.m.6 views

CVE-2026-13603

The payment integration pretix-oppwa provides support for the payment providers VR Payment, Hobex, and potentially others based on Oppwa's technology. The integration of Oppwa, following their official documentation, includes a step where the user is redirected from the payment provider back to o...

10CVSS0.00253EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 1:18 p.m.8 views

CVE-2026-13603

The payment integration pretix-oppwa provides support for the payment providers VR Payment, Hobex, and potentially others based on Oppwa's technology. The integration of Oppwa, following their official documentation, includes a step where the user is redirected from the payment provider back to o...

10CVSS5.8AI score0.00253EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 1:18 p.m.17 views

CVE-2026-13603

CVE-2026-13603 affects the pretix-oppwa payment integration. The vulnerability arises from insecure handling of Oppwa’s API URL: the code concatenated resourcePath from the return URL to baseUrl without validation and without a trailing slash, enabling an attacker to redirect the API call to a di...

10CVSS5.8AI score0.00253EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 3:16 p.m.15 views

CVE-2026-57534

Malicious HTML content could be injected into the content of a page in the pretix-pages plugin...

2.1CVSS0.0033EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 3:16 p.m.14 views

CVE-2026-13314

Malicious HTML content could be injected into the content rendered by the pretix-digital plugin...

2CVSS0.0033EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 2:11 p.m.31 views

CVE-2026-57534 Stored XSS in pretix-pages

Malicious HTML content could be injected into the content of a page in the pretix-pages plugin...

2.1CVSS0.0033EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 2:11 p.m.13 views

CVE-2026-57534

Summary: CVE-2026-57534 affects the pretix-pages plugin, where malicious HTML content can be injected into a page’s content, causing a stored XSS condition. The root cause is described as unsafe handling of page content within the plugin; exploitation details are not provided beyond the stored-XS...

2.1CVSS5.8AI score0.0033EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 2:11 p.m.5 views

CVE-2026-57534

Malicious HTML content could be injected into the content of a page in the pretix-pages plugin...

2.1CVSS5.8AI score0.0033EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 2:11 p.m.7 views

EUVD-2026-39416

Malicious HTML content could be injected into the content of a page in the pretix-pages plugin...

2.1CVSS5.8AI score0.0033EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 2:8 p.m.22 views

CVE-2026-57536

CVE-2026-57536 affects the pretix-mollie payment integration, where payment status responses are not properly validated. An attacker could reuse a successful payment status from one payment and apply it to a different payment, potentially gaining access to multiple valid tickets with a single pay...

6.3CVSS5.9AI score0.00257EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 2:7 p.m.31 views

CVE-2026-13222 Insufficient validation of payment status in pretix-oppwa

Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

6.3CVSS0.00257EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 2:3 p.m.29 views

CVE-2026-13223 Insufficient validation of payment status in pretix-computop

Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

6.3CVSS0.00257EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 2:3 p.m.9 views

CVE-2026-13223

Affected component: pretix with Computop-based payment methods. Root cause: insufficient validation of payment status responses. Impact: an attacker could reuse a successful status for one payment to complete a different payment, gaining access to multiple valid tickets from a single payment. Thi...

6.3CVSS5.9AI score0.00257EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 1:53 p.m.30 views

CVE-2026-13314 Stored XSS in pretix-digital

Malicious HTML content could be injected into the content rendered by the pretix-digital plugin...

2CVSS0.0033EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:53 p.m.6 views

EUVD-2026-39412

Malicious HTML content could be injected into the content rendered by the pretix-digital plugin...

2CVSS5.8AI score0.0033EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:53 p.m.13 views

CVE-2026-13314

Summary (CVE-2026-13314) : The issue is a Stored XSS in the pretix-digital plugin. Malicious HTML content can be injected into content rendered by the plugin, enabling an attacker to influence client-side content in the affected flow. Connected records (NVD and CVE list) concur on the same descri...

2CVSS5.8AI score0.0033EPSS
Exploits0References1
Rows per page
Query Builder