Lucene search
+L

5 matches found

OSV
OSV
added 2026/06/25 2:3 p.m.2 views

CVE-2026-13223 Insufficient validation of payment status in pretix-computop

Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

6.3CVSS6AI score0.00257EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/06/17 2:50 p.m.7 views

freeIPA: idm: Privilege escalation from host to domain admin in FreeIPA

A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the krbCanonicalName for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a...

9.1CVSS5.7AI score0.01827EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2025/06/17 2:23 p.m.5 views

freeIPA: idm: Privilege escalation from host to domain admin in FreeIPA

A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the krbCanonicalName for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a...

9.1CVSS5.7AI score0.01827EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/06/16 12:0 a.m.8 views

PT-2025-34: Privilege escalation from host to domain admin in FreeIPA

The vulnerability was identified in FreeIPA, versions to 4.12.4. The discovered vulnerability allows an attacker to retrieve a Kerberos ticket for domain admin. The vulnerability allows an attacker to access and exfiltrate sensitive data. Vulnerability status: Confirmed by vendor Date of...

9.4CVSS7.5AI score0.01827EPSS
Exploits1References2
Pen Test Partners Blog
Pen Test Partners Blog
added 2024/06/28 12:31 p.m.17 views

Glastonbury ticket hijack vulnerability fixed

The Glastonbury ticket website was vulnerable to a relatively simple attack that that allowed ticket theft and data leakage. What’s the issue? An attacker could scrape collaborative ticket buying information e.g. on Reddit to gather people’s details, use a flaw in the registration process and...

6.8AI score
Exploits0
Rows per page
Query Builder