23 matches found
CVE-2026-43927
FOSSBilling has a race-condition vulnerability in the cart checkout flow that, before version 0.8.0, lets an authenticated user apply promo codes beyond their maxuses by sending concurrent checkout requests before usage increments complete. This can enable unlimited discounts or free orders from ...
CVE-2026-43927
FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, a race condition in the cart checkout flow allows an authenticated client to apply a promo code beyond its configured maximum uses. By sending concurrent checkout requests before any single request...
CVE-2026-43927 FOSSBilling has race condition in cart checkout that bypasses promo code usage limits
FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, a race condition in the cart checkout flow allows an authenticated client to apply a promo code beyond its configured maximum uses. By sending concurrent checkout requests before any single request...
CVE-2026-43927 FOSSBilling has race condition in cart checkout that bypasses promo code usage limits
FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, a race condition in the cart checkout flow allows an authenticated client to apply a promo code beyond its configured maximum uses. By sending concurrent checkout requests before any single request...
CVE-2026-57959
Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation validates usage count before asynchronous UpdateEventStatisticsJob increments it, allowing attackers to redeem limited promo codes unlimited times. Attackers can sequentially reserve multiple orders with the...
EUVD-2026-40144
Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation validates usage count before asynchronous UpdateEventStatisticsJob increments it, allowing attackers to redeem limited promo codes unlimited times. Attackers can sequentially reserve multiple orders with the...
CVE-2026-57959
CVE-2026-57959 affects Hi.Events up to version 1.9.0. The vulnerability arises in promo code validation where the reservation path checks the usage count before the asynchronous UpdateEventStatisticsJob increments it, enabling a race condition. Attackers can sequentially reserve multiple orders u...
CVE-2026-57959 Hi.Events 1.9.0 - Promo Code Max-Usage Bypass via Asynchronous Job Race Condition
Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation validates usage count before asynchronous UpdateEventStatisticsJob increments it, allowing attackers to redeem limited promo codes unlimited times. Attackers can sequentially reserve multiple orders with the...
CVE-2026-57959
Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation validates usage count before asynchronous UpdateEventStatisticsJob increments it, allowing attackers to redeem limited promo codes unlimited times. Attackers can sequentially reserve multiple orders with the...
EUVD-2024-41426
Malicious code in bioql PyPI...
CVE-2024-45300
alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, a race condition allows the user to bypass the limit on the number of promo codes and use the discount coupon multiple times. In "alf.io", an event organizer can apply...
CVE-2024-45300
alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, a race condition allows the user to bypass the limit on the number of promo codes and use the discount coupon multiple times. In "alf.io", an event organizer can apply...
CVE-2024-45300 Bypassing promo code limitations with race conditions
alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, a race condition allows the user to bypass the limit on the number of promo codes and use the discount coupon multiple times. In "alf.io", an event organizer can apply...
CVE-2024-45300
Vulnerability summary (CVE-2024-45300) : alf.io prior to version 2.0-M5 contains a race condition that lets an attacker bypass the promo-code usage limit and apply a discount coupon multiple times. The underlying issue is a timing gap between checking code usage and enforcing the limit, enabling ...
CVE-2024-45300 Bypassing promo code limitations with race conditions
alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, a race condition allows the user to bypass the limit on the number of promo codes and use the discount coupon multiple times. In "alf.io", an event organizer can apply...
CVE-2023-3969
A vulnerability, which was classified as problematic, has been found in GZ Scripts Availability Booking Calendar PHP 1.0. Affected by this issue is some unknown functionality of the file index.php of the component HTTP POST Request Handler. The manipulation of the argument promocode leads to cros...
Cross site scripting
A vulnerability, which was classified as problematic, has been found in GZ Scripts Availability Booking Calendar PHP 1.0. Affected by this issue is some unknown functionality of the file index.php of the component HTTP POST Request Handler. The manipulation of the argument promocode leads to cros...
Availability Booking Calendar PHP 跨站脚本漏洞
Availability Booking Calendar PHP is GZ Scripts open source an availability booking calendar system . Availability Booking Calendar PHP v1.0 version of a cross-site scripting vulnerability , the vulnerability stems from the file index.php parameter promocode on the user-supplied data lack of...
PT-2023-27073 · Unknown · Gz Scripts Availability Booking Calendar Php
Name of the Vulnerable Software and Affected Versions: GZ Scripts Availability Booking Calendar PHP version 1.0 Description: A problematic issue has been found in the HTTP POST Request Handler component of the file index.php, where the manipulation of the promo code argument leads to cross site...
PRODSECBUG-1513: Insufficient brute force protections on promo code entry
More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...