Lucene search
K

134 matches found

NVD
NVD
added 6 days ago7 views

CVE-2026-57959

Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation validates usage count before asynchronous UpdateEventStatisticsJob increments it, allowing attackers to redeem limited promo codes unlimited times. Attackers can sequentially reserve multiple orders with the...

8.2CVSS0.00193EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-40144

Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation validates usage count before asynchronous UpdateEventStatisticsJob increments it, allowing attackers to redeem limited promo codes unlimited times. Attackers can sequentially reserve multiple orders with the...

8.2CVSS5.8AI score0.00193EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/09 2:58 a.m.17 views

CVE-2026-11465

A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...

3.1CVSS4.6AI score0.0022EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 12:30 a.m.11 views

EUVD-2026-34996

A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...

3.1CVSS4.8AI score0.0022EPSS
Exploits0References8
NVD
NVD
added 2026/06/07 11:16 p.m.10 views

CVE-2026-11465

A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...

3.1CVSS0.0022EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/07 10:45 p.m.5 views

CVE-2026-11465

A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...

3.1CVSS4.6AI score0.0022EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/07 10:45 p.m.28 views

CVE-2026-11465 songquanpeng one-api Redemption Code Top-Up Endpoint redemption.go Redeem logic error

A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...

3.1CVSS0.0022EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/07 10:45 p.m.9 views

CVE-2026-11465 songquanpeng one-api Redemption Code Top-Up Endpoint redemption.go Redeem logic error

A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...

3.1CVSS4.6AI score0.0022EPSS
Exploits0References7
CVE
CVE
added 2026/06/07 10:45 p.m.37 views

CVE-2026-11465

CVE-2026-11465 affects songquanpeng’s one-api (up to 0.6.11-preview.7). The issue is in the Redemption Code Top-Up Endpoint, specifically the function Redeem in file model/redemption.go, where manipulation leads to business logic errors. Reported as exploitable remotely with high complexity and l...

3.1CVSS4.7AI score0.0022EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/07 12:0 a.m.11 views

One API 安全漏洞

One API is an LLM API management and distribution system developed by JustSong’s developers. Versions of One API prior to 0.6.11-preview.7 contained a security vulnerability. This vulnerability stemmed from a function issue in the Redemption Code Top-Up Endpoint component’s model/redemption.go...

3.1CVSS4.8AI score0.0022EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/07 12:0 a.m.17 views

PT-2026-47196

Name of the Vulnerable Software and Affected Versions songquanpeng one-api versions prior to 0.6.11-preview.7 Description A business logic error exists in the Redemption Code Top-Up Endpoint. The issue is located within the Redeem function of the model/redemption.go file. This flaw allows for...

3.1CVSS5.2AI score0.0022EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.9 views

CVE-2026-6334

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13 fail to enforce client identity binding during the OAuth authorization code redemption flow which allows an authenticated OAuth client to redeem authorization codes issued to a different client via a crafted token exchange request.. Mattermo...

3.8CVSS5.5AI score0.00118EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.13 views

CVE-2026-47741

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's totaluse counter. Under concurrent checkout pressure Black Friday, flash sale, viral coupon, the global usagelimit was...

5.9CVSS5.5AI score0.00239EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 6:2 p.m.21 views

CVE-2026-47741

CVE-2026-47741 affects Shopper, a Headless e-commerce Admin Panel. Before 2.8.0, CreateOrderFromCartAction::execute created the Order row before incrementing the discount’s total_use, allowing a race condition under concurrent checkout that silently exceeded the global usage_limit and applied the...

5.9CVSS5.8AI score0.00239EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/29 6:2 p.m.12 views

EUVD-2026-33409

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's totaluse counter. Under concurrent checkout pressure Black Friday, flash sale, viral coupon, the global usagelimit was...

5.9CVSS5.8AI score0.00239EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/29 6:2 p.m.9 views

CVE-2026-47741

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's totaluse counter. Under concurrent checkout pressure Black Friday, flash sale, viral coupon, the global usagelimit was...

5.9CVSS5.8AI score0.00239EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/29 6:2 p.m.14 views

CVE-2026-47741 Shopper: Race condition on Discount.usage_limit allows silent over-redemption

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's totaluse counter. Under concurrent checkout pressure Black Friday, flash sale, viral coupon, the global usagelimit was...

5.9CVSS5.8AI score0.00239EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/29 6:2 p.m.35 views

CVE-2026-47741 Shopper: Race condition on Discount.usage_limit allows silent over-redemption

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's totaluse counter. Under concurrent checkout pressure Black Friday, flash sale, viral coupon, the global usagelimit was...

5.9CVSS0.00239EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.11 views

PT-2026-44942

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, CreateOrderFromCartAction::execute previously created the Order row before checking and incrementing the discount's total use counter. Under concurrent checkout pressure Black Friday, flash sale, viral coupon, the global usage limit wa...

5.9CVSS5.8AI score0.00239EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/18 9:44 a.m.7 views

Authentication Bypass by Primary Weakness

Overview github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness in the OAuth authorization code redemption process. An attacker can gain unauthorized access to resource...

3.8CVSS5.9AI score0.00118EPSS
Exploits0References2
Rows per page
Query Builder