Lucene search
K

23 matches found

CVE
CVE
added 2026/07/06 9:49 p.m.14 views

CVE-2026-43927

FOSSBilling has a race-condition vulnerability in the cart checkout flow that, before version 0.8.0, lets an authenticated user apply promo codes beyond their maxuses by sending concurrent checkout requests before usage increments complete. This can enable unlimited discounts or free orders from ...

6.9CVSS6AI score0.0022EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 9:49 p.m.5 views

CVE-2026-43927

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, a race condition in the cart checkout flow allows an authenticated client to apply a promo code beyond its configured maximum uses. By sending concurrent checkout requests before any single request...

6.9CVSS6AI score0.0022EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/06 9:49 p.m.31 views

CVE-2026-43927 FOSSBilling has race condition in cart checkout that bypasses promo code usage limits

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, a race condition in the cart checkout flow allows an authenticated client to apply a promo code beyond its configured maximum uses. By sending concurrent checkout requests before any single request...

6.9CVSS0.0022EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 9:49 p.m.4 views

CVE-2026-43927 FOSSBilling has race condition in cart checkout that bypasses promo code usage limits

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, a race condition in the cart checkout flow allows an authenticated client to apply a promo code beyond its configured maximum uses. By sending concurrent checkout requests before any single request...

6.9CVSS6AI score0.0022EPSS
Exploits0References3
NVD
NVD
added 2026/06/29 6:16 p.m.8 views

CVE-2026-57959

Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation validates usage count before asynchronous UpdateEventStatisticsJob increments it, allowing attackers to redeem limited promo codes unlimited times. Attackers can sequentially reserve multiple orders with the...

8.2CVSS0.00193EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/29 5:24 p.m.9 views

EUVD-2026-40144

Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation validates usage count before asynchronous UpdateEventStatisticsJob increments it, allowing attackers to redeem limited promo codes unlimited times. Attackers can sequentially reserve multiple orders with the...

8.2CVSS5.8AI score0.00193EPSS
Exploits0References2
CVE
CVE
added 2026/06/29 5:24 p.m.22 views

CVE-2026-57959

CVE-2026-57959 affects Hi.Events up to version 1.9.0. The vulnerability arises in promo code validation where the reservation path checks the usage count before the asynchronous UpdateEventStatisticsJob increments it, enabling a race condition. Attackers can sequentially reserve multiple orders u...

8.2CVSS5.8AI score0.00193EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/29 5:24 p.m.31 views

CVE-2026-57959 Hi.Events 1.9.0 - Promo Code Max-Usage Bypass via Asynchronous Job Race Condition

Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation validates usage count before asynchronous UpdateEventStatisticsJob increments it, allowing attackers to redeem limited promo codes unlimited times. Attackers can sequentially reserve multiple orders with the...

8.2CVSS0.00193EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/29 5:24 p.m.7 views

CVE-2026-57959

Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation validates usage count before asynchronous UpdateEventStatisticsJob increments it, allowing attackers to redeem limited promo codes unlimited times. Attackers can sequentially reserve multiple orders with the...

8.2CVSS5.8AI score0.00193EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-41426

Malicious code in bioql PyPI...

7.5CVSS6.6AI score0.0042EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/02/05 3:29 a.m.8 views

CVE-2024-45300

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, a race condition allows the user to bypass the limit on the number of promo codes and use the discount coupon multiple times. In "alf.io", an event organizer can apply...

7.5CVSS7AI score0.0042EPSS
Exploits1References1
NVD
NVD
added 2024/09/06 1:15 p.m.22 views

CVE-2024-45300

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, a race condition allows the user to bypass the limit on the number of promo codes and use the discount coupon multiple times. In "alf.io", an event organizer can apply...

7.5CVSS0.0042EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/09/06 1:2 p.m.15 views

CVE-2024-45300 Bypassing promo code limitations with race conditions

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, a race condition allows the user to bypass the limit on the number of promo codes and use the discount coupon multiple times. In "alf.io", an event organizer can apply...

7.5CVSS7AI score0.0042EPSS
Exploits1References2
CVE
CVE
added 2024/09/06 1:2 p.m.55 views

CVE-2024-45300

Vulnerability summary (CVE-2024-45300) : alf.io prior to version 2.0-M5 contains a race condition that lets an attacker bypass the promo-code usage limit and apply a discount coupon multiple times. The underlying issue is a timing gap between checking code usage and enforcing the limit, enabling ...

7.5CVSS6.7AI score0.0042EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/09/06 1:2 p.m.24 views

CVE-2024-45300 Bypassing promo code limitations with race conditions

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, a race condition allows the user to bypass the limit on the number of promo codes and use the discount coupon multiple times. In "alf.io", an event organizer can apply...

7.5CVSS0.0042EPSS
Exploits1References2
OSV
OSV
added 2023/07/27 12:15 p.m.6 views

CVE-2023-3969

A vulnerability, which was classified as problematic, has been found in GZ Scripts Availability Booking Calendar PHP 1.0. Affected by this issue is some unknown functionality of the file index.php of the component HTTP POST Request Handler. The manipulation of the argument promocode leads to cros...

5.4CVSS4AI score0.00502EPSS
Exploits1References3
Prion
Prion
added 2023/07/27 12:15 p.m.25 views

Cross site scripting

A vulnerability, which was classified as problematic, has been found in GZ Scripts Availability Booking Calendar PHP 1.0. Affected by this issue is some unknown functionality of the file index.php of the component HTTP POST Request Handler. The manipulation of the argument promocode leads to cros...

4CVSS5.3AI score0.00502EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2023/07/27 12:0 a.m.6 views

Availability Booking Calendar PHP 跨站脚本漏洞

Availability Booking Calendar PHP is GZ Scripts open source an availability booking calendar system . Availability Booking Calendar PHP v1.0 version of a cross-site scripting vulnerability , the vulnerability stems from the file index.php parameter promocode on the user-supplied data lack of...

5.4CVSS6.5AI score0.00502EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/07/27 12:0 a.m.10 views

PT-2023-27073 · Unknown · Gz Scripts Availability Booking Calendar Php

Name of the Vulnerable Software and Affected Versions: GZ Scripts Availability Booking Calendar PHP version 1.0 Description: A problematic issue has been found in the HTTP POST Request Handler component of the file index.php, where the manipulation of the promo code argument leads to cross site...

5.4CVSS6.6AI score0.00502EPSS
Exploits1References5
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.36 views

PRODSECBUG-1513: Insufficient brute force protections on promo code entry

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

7.5CVSS7.2AI score0.03121EPSS
Exploits0Affected Software1
Rows per page
Query Builder