93 matches found
CVE-2026-57959
Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation validates usage count before asynchronous UpdateEventStatisticsJob increments it, allowing attackers to redeem limited promo codes unlimited times. Attackers can sequentially reserve multiple orders with the...
EUVD-2026-40144
Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation validates usage count before asynchronous UpdateEventStatisticsJob increments it, allowing attackers to redeem limited promo codes unlimited times. Attackers can sequentially reserve multiple orders with the...
CVE-2026-57959
CVE-2026-57959 affects Hi.Events up to version 1.9.0. The vulnerability arises in promo code validation where the reservation path checks the usage count before the asynchronous UpdateEventStatisticsJob increments it, enabling a race condition. Attackers can sequentially reserve multiple orders u...
CVE-2026-57959 Hi.Events 1.9.0 - Promo Code Max-Usage Bypass via Asynchronous Job Race Condition
Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation validates usage count before asynchronous UpdateEventStatisticsJob increments it, allowing attackers to redeem limited promo codes unlimited times. Attackers can sequentially reserve multiple orders with the...
EUVD-2026-37648
Unauthenticated Local File Inclusion in Promo <= 1.3.0 versions...
CVE-2026-22325
Unauthenticated Local File Inclusion in Promo <= 1.3.0 versions...
CVE-2026-22325
CVE-2026-22325 — Local File Inclusion in WordPress Promo theme <= 1.3.0, unauthenticated. Affected: Promo (WordPress theme). Root cause: local file inclusion vulnerability enabling access to local files. Impact: high (CVE metrics show Confidentiality, Integrity, Availability all at High; CVSS ...
CVE-2026-22325 WordPress Promo theme <= 1.3.0 - Local File Inclusion vulnerability
Unauthenticated Local File Inclusion in Promo <= 1.3.0 versions...
CVE-2025-40639
A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promo_send' parameter in the '/assets/php/calculate_discount.php'...
EUVD-2025-208400
A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promo_send' parameter in the '/assets/php/calculate_discount.php'...
CVE-2025-40639 SQL injection in Eventobot
A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promo_send' parameter in the '/assets/php/calculate_discount.php'...
CVE-2025-40639
CVE-2025-40639 — Eventobot SQL injection is confirmed by connected sources. The vulnerability affects Eventobot and is exploitable via the promo_send parameter in the /assets/php/calculate_discount.php endpoint. The underlying issue allows an attacker to perform SQL operations including retrieve,...
PT-2026-24051
A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promo_send' parameter in the '/assets/php/calculate_discount.php'...
Eventobot SQL injection vulnerability
Eventobot is a ticketing management system developed by Eventobot Inc. Eventobot has a SQL injection vulnerability, which stems from insufficient cleaning and escaping of the promo_send parameter. This vulnerability may lead to SQL injection attacks...
CVE-2026-1277
The URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.12.1 due to insufficient validation on the 'redirectto' parameter in the promotional dismissal handler. This makes it possible for unauthenticated attackers to redirect users to potentiall...
WordPress Promo theme <= 1.3.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Promo versions <= 1.3.0...
EUVD-2025-27936
Malicious code in bioql PyPI...
EUVD-2024-41426
Malicious code in bioql PyPI...
Malicious code in raid-shadow-legends-promo-codes288 (npm)
The package raid-shadow-legends-promo-codes288 was found to contain malicious code...
MAL-2025-45752 Malicious code in raid-shadow-legends-promo-codes288 (npm)
The package raid-shadow-legends-promo-codes288 was found to contain malicious code...