93 matches found

NVD
added 4 days ago, 7 views

CVE-2026-57959

Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation validates usage count before asynchronous UpdateEventStatisticsJob increments it, allowing attackers to redeem limited promo codes unlimited times. Attackers can sequentially reserve multiple orders with the...

8.2 CVSS, 0.00193 EPSS
Exploits: 0, References: 2
EUVD
added 4 days ago, 5 views

EUVD-2026-40144

Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation validates usage count before asynchronous UpdateEventStatisticsJob increments it, allowing attackers to redeem limited promo codes unlimited times. Attackers can sequentially reserve multiple orders with the...

8.2 CVSS, 5.8 AI score, 0.00193 EPSS
Exploits: 0, References: 2
CVE
added 4 days ago, 11 views

CVE-2026-57959

CVE-2026-57959 affects Hi.Events up to version 1.9.0. The vulnerability arises in promo code validation where the reservation path checks the usage count before the asynchronous UpdateEventStatisticsJob increments it, enabling a race condition. Attackers can sequentially reserve multiple orders u...

8.2 CVSS, 5.8 AI score, 0.00193 EPSS
Exploits: 0, References: 2
Cvelist
added 4 days ago, 29 views

CVE-2026-57959 Hi.Events 1.9.0 - Promo Code Max-Usage Bypass via Asynchronous Job Race Condition

Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation validates usage count before asynchronous UpdateEventStatisticsJob increments it, allowing attackers to redeem limited promo codes unlimited times. Attackers can sequentially reserve multiple orders with the...

8.2 CVSS, 0.00193 EPSS
Exploits: 0, References: 2
EUVD
added 2026/06/17 6:35 p.m., 9 views

EUVD-2026-37648

Unauthenticated Local File Inclusion in Promo <= 1.3.0 versions...

8.1 CVSS, 5.2 AI score, 0.00363 EPSS
Exploits: 0, References: 2
NVD
added 2026/06/17 1:20 p.m., 9 views

CVE-2026-22325

Unauthenticated Local File Inclusion in Promo <= 1.3.0 versions...

8.1 CVSS, 0.00363 EPSS
Exploits: 0, References: 1
CVE
added 2026/06/17 9:50 a.m., 7 views

CVE-2026-22325

CVE-2026-22325 — Local File Inclusion in WordPress Promo theme <= 1.3.0, unauthenticated. Affected: Promo (WordPress theme). Root cause: local file inclusion vulnerability enabling access to local files. Impact: high (CVE metrics show Confidentiality, Integrity, Availability all at High; CVSS ...

8.1 CVSS, 5.2 AI score, 0.00363 EPSS
Exploits: 0, References: 1
Cvelist
added 2026/06/17 9:50 a.m., 26 views

CVE-2026-22325 WordPress Promo theme <= 1.3.0 - Local File Inclusion vulnerability

Unauthenticated Local File Inclusion in Promo <= 1.3.0 versions...

8.1 CVSS, 0.00363 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/03/10 2:8 p.m., 10 views

CVE-2025-40639

A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promo_send' parameter in the '/assets/php/calculate_discount.php'...

9.8 CVSS, 5.7 AI score, 0.00321 EPSS
Exploits: 0, References: 1
EUVD
added 2026/03/09 12:31 p.m., 3 views

EUVD-2025-208400

A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promo_send' parameter in the '/assets/php/calculate_discount.php'...

8.7 CVSS, 5.7 AI score, 0.00321 EPSS
Exploits: 0, References: 2
Cvelist
added 2026/03/09 9:31 a.m., 30 views

CVE-2025-40639 SQL injection in Eventobot

A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promo_send' parameter in the '/assets/php/calculate_discount.php'...

8.7 CVSS, 0.00321 EPSS
Exploits: 0, References: 1
CVE
added 2026/03/09 9:31 a.m., 9 views

CVE-2025-40639

CVE-2025-40639 — Eventobot SQL injection is confirmed by connected sources. The vulnerability affects Eventobot and is exploitable via the promo_send parameter in the /assets/php/calculate_discount.php endpoint. The underlying issue allows an attacker to perform SQL operations including retrieve,...

9.8 CVSS, 5.7 AI score, 0.00321 EPSS
Exploits: 0, References: 1, Affected Software: 1
Positive Technologies
added 2026/03/09 12:0 a.m., 14 views

PT-2026-24051

A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promo_send' parameter in the '/assets/php/calculate_discount.php'...

8.7 CVSS, 5.7 AI score, 0.00321 EPSS
Exploits: 0, References: 2
CNNVD
added 2026/03/09 12:0 a.m., 10 views

Eventobot SQL injection vulnerability

Eventobot is a ticketing management system developed by Eventobot Inc. Eventobot has a SQL injection vulnerability, which stems from insufficient sanitization and escaping of the promo_send parameter. This vulnerability may lead to SQL injection attacks...

9.8 CVSS, 5.8 AI score, 0.00321 EPSS
Exploits: 0, References: 2
NVD
added 2026/02/18 5:16 a.m., 5 views

CVE-2026-1277

The URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.12.1 due to insufficient validation on the 'redirectto' parameter in the promotional dismissal handler. This makes it possible for unauthenticated attackers to redirect users to potentiall...

4.7 CVSS, 0.00592 EPSS
Exploits: 0, References: 3
Patchstack
added 2026/01/12 2:6 p.m., 5 views

WordPress Promo theme <= 1.3.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Promo versions <= 1.3.0...

7.1 AI score, 0.00363 EPSS
Exploits: 0, Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-27936

Malicious code in bioql PyPI...

4.3 CVSS, 6.4 AI score, 0.00235 EPSS
Exploits: 0, References: 4
EUVD
added 2025/10/03 8:7 p.m., 8 views

EUVD-2024-41426

Malicious code in bioql PyPI...

7.5 CVSS, 6.6 AI score, 0.0042 EPSS
Exploits: 1, References: 2
OSSF Malicious Packages
added 2025/09/05 5:10 p.m., 5 views

Malicious code in raid-shadow-legends-promo-codes288 (npm)

The package raid-shadow-legends-promo-codes288 was found to contain malicious code...

7 AI score
Exploits: 0
OSV
added 2025/09/05 5:10 p.m., 4 views

MAL-2025-45752 Malicious code in raid-shadow-legends-promo-codes288 (npm)

The package raid-shadow-legends-promo-codes288 was found to contain malicious code...

7 AI score
Exploits: 0