CVE-2026-60118 Hi.Events < 1.11.0 Hidden Ticket Enumeration via Order Creation Endpoint
Hi.Events before 1.11.0 contains a missing server-side visibility enforcement vulnerability that allows unauthenticated attackers to purchase hidden tickets by referencing hidden product and price IDs in order creation requests without authorization checks. Attackers can enumerate sequential hidd...