Lucene search
K

58 matches found

Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-13039 Eventin 4.0.26 - 4.1.15 - Missing Authorization to Unauthenticated Payment Bypass via REST API

The Eventin – Event Calendar, Event Registration, Tickets & Booking AI Powered plugin for WordPress is vulnerable to authorization bypass due to a regression in versions from 4.0.26 up to and including 4.1.15. This is due to the plugin not properly verifying that a user is authorized to perform a...

5.3CVSS0.00257EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 3:16 p.m.9 views

CVE-2026-57536

Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment...

6.3CVSS0.00257EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 3:16 p.m.8 views

CVE-2026-13223

Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

6.3CVSS0.00257EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 3:16 p.m.13 views

CVE-2026-13222

Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

6.3CVSS0.00257EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 2:8 p.m.32 views

CVE-2026-57536 Insufficient validation of payment status in pretix-mollie

Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment...

6.3CVSS0.00257EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 2:8 p.m.23 views

CVE-2026-57536

CVE-2026-57536 affects the pretix-mollie payment integration, where payment status responses are not properly validated. An attacker could reuse a successful payment status from one payment and apply it to a different payment, potentially gaining access to multiple valid tickets with a single pay...

6.3CVSS5.9AI score0.00257EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 2:8 p.m.3 views

CVE-2026-57536 Insufficient validation of payment status in pretix-mollie

Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment...

6.3CVSS6AI score0.00257EPSS
Exploits0References5
OSV
OSV
added 2026/06/25 2:7 p.m.3 views

CVE-2026-13222 Insufficient validation of payment status in pretix-oppwa

Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

6.3CVSS6AI score0.00257EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/25 2:7 p.m.5 views

EUVD-2026-39414

Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

6.3CVSS5.9AI score0.00257EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 2:3 p.m.30 views

CVE-2026-13223 Insufficient validation of payment status in pretix-computop

Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

6.3CVSS0.00257EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 9:31 a.m.6 views

EUVD-2026-20127

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 6.3.7. This is due to the wpasgetticketrepliesajax function failing to verify whether the authenticated user has permission to view th...

5.3CVSS5.9AI score0.00327EPSS
Exploits0References7
NVD
NVD
added 2026/04/08 8:16 a.m.6 views

CVE-2026-4654

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 6.3.7. This is due to the wpasgetticketrepliesajax function failing to verify whether the authenticated user has permission to view th...

5.3CVSS0.00327EPSS
Exploits0References6
CVE
CVE
added 2026/04/08 7:43 a.m.15 views

CVE-2026-4654

The Awesome Support – WordPress HelpDesk & Support Plugin for WordPress is affected by an Insecure Direct Object Reference in versions up to and including 6.3.7. The vulnerability stems from wpas_get_ticket_replies_ajax() not verifying that the authenticated user has permission to view the reques...

5.3CVSS5.9AI score0.00327EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/08 7:43 a.m.5 views

CVE-2026-4654

The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 6.3.7. This is due to the wpasgetticketrepliesajax function failing to verify whether the authenticated user has permission to view th...

5.3CVSS5.9AI score0.00327EPSS
Exploits0References7
EUVD
EUVD
added 2025/11/21 3:31 p.m.4 views

EUVD-2025-198487

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.2.9 via the 'ehcrmticketsingleviewclient' due to missing validation on a user controlled key. This makes it possible for...

4.3CVSS5.1AI score0.00258EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/16 7:59 a.m.4 views

CVE-2025-41020 Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito

Insecure direct object reference IDOR vulnerability in Sergestec's Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers through the 'id' parameter in '/admin/ticketa4.php'...

7.1CVSS6.5AI score0.0032EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-12602

Malware in sbrugna...

4.3CVSS4.8AI score0.00946EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-6366

Malware in sbrugna...

5.5CVSS5.5AI score0.00562EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2006-4381

Malware in sbrugna...

3.7CVSS6.4AI score0.00302EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-18743

Malware in sbrugna...

5.5CVSS5.6AI score0.00474EPSS
Exploits0References2
Rows per page
Query Builder