Lucene search
+L

4468 matches found

Cvelist
Cvelist
added 2026/06/25 2:8 p.m.34 views

CVE-2026-57536 Insufficient validation of payment status in pretix-mollie

Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment...

6.3CVSS0.00257EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 2:8 p.m.26 views

CVE-2026-57536

CVE-2026-57536 affects the pretix-mollie payment integration, where payment status responses are not properly validated. An attacker could reuse a successful payment status from one payment and apply it to a different payment, potentially gaining access to multiple valid tickets with a single pay...

6.3CVSS5.9AI score0.00257EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 2:8 p.m.4 views

CVE-2026-57536 Insufficient validation of payment status in pretix-mollie

Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment...

6.3CVSS6AI score0.00257EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/25 2:7 p.m.10 views

EUVD-2026-39414

Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

6.3CVSS5.9AI score0.00257EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 2:7 p.m.4 views

CVE-2026-13222 Insufficient validation of payment status in pretix-oppwa

Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

6.3CVSS6AI score0.00257EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/25 2:3 p.m.33 views

CVE-2026-13223 Insufficient validation of payment status in pretix-computop

Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

6.3CVSS0.00257EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 2:3 p.m.2 views

CVE-2026-13223 Insufficient validation of payment status in pretix-computop

Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

6.3CVSS6AI score0.00257EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52509

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw in org.keycloak.authorization allows an authenticated user who possesses a User-Managed Access UMA permission ticket for a single resource to bypass per-resource access control. By...

4.6CVSS5.8AI score0.00166EPSS
Exploits0References8
NVD
NVD
added 2026/06/23 9:16 p.m.9 views

CVE-2025-64105

FOSSBilling is a billing and client management system that automates invoicing, payments, and communication for online service businesses. Versions 0.6.21 through 0.7.2 are vulnerable to IDOR through the support ticket creation workflow. By manipulating relid when reltype=order, an authenticated...

5.1CVSS0.00265EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 7:45 p.m.33 views

CVE-2025-64105 FOSSBilling: IDOR Vulnerability in Support Ticket Creation

FOSSBilling is a billing and client management system that automates invoicing, payments, and communication for online service businesses. Versions 0.6.21 through 0.7.2 are vulnerable to IDOR through the support ticket creation workflow. By manipulating relid when reltype=order, an authenticated...

5.1CVSS0.00265EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 7:45 p.m.5 views

CVE-2025-64105

FOSSBilling is a billing and client management system that automates invoicing, payments, and communication for online service businesses. Versions 0.6.21 through 0.7.2 are vulnerable to IDOR through the support ticket creation workflow. By manipulating relid when reltype=order, an authenticated...

5.1CVSS5.8AI score0.00265EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/23 7:45 p.m.13 views

CVE-2025-64105

Summary: FOSSBilling

5.1CVSS5.8AI score0.00265EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 7:45 p.m.6 views

CVE-2025-64105 FOSSBilling: IDOR Vulnerability in Support Ticket Creation

FOSSBilling is a billing and client management system that automates invoicing, payments, and communication for online service businesses. Versions 0.6.21 through 0.7.2 are vulnerable to IDOR through the support ticket creation workflow. By manipulating relid when reltype=order, an authenticated...

5.1CVSS5.9AI score0.00265EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.19 views

PT-2026-51584

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.6.21 through 0.7.2 Description An Insecure Direct Object Reference IDOR exists in the support ticket creation workflow. An authenticated client can create a support ticket that references an order belonging to another...

5.1CVSS5.8AI score0.00265EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/22 4:53 p.m.6 views

EUVD-2025-26130

Paymenter vulnerable to Remote Code Execution via public file uploads...

9.9CVSS5.9AI score0.00374EPSS
Exploits0References4
Metasploit
Metasploit
added 2026/06/17 7:3 p.m.232 views

NTLM Relay to Self (HTTP to LDAP) - Post Exploitation

This module performs an NTLM relay-to-self privilege escalation attack. It starts an HTTP-to-LDAP relay server on the compromised host, then triggers the WebClient service via an ETW event allowing a low-privilege user to start it, and coerces the local machine account to authenticate via...

6AI score
Exploits0
EUVD
EUVD
added 2026/06/17 6:35 p.m.14 views

EUVD-2025-210237

Unauthenticated Privilege Escalation in Support Ticket Management System = 1.9 versions...

9.8CVSS5.1AI score0.0045EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:19 p.m.20 views

CVE-2025-69179

Unauthenticated Privilege Escalation in Support Ticket Management System = 1.9 versions...

9.8CVSS0.0045EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 9:50 a.m.37 views

CVE-2025-69179 WordPress Support Ticket Management System plugin <= 1.9 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in Support Ticket Management System = 1.9 versions...

9.8CVSS0.0045EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:50 a.m.27 views

CVE-2025-69179

Technical details (affected plugin version

9.8CVSS5.1AI score0.0045EPSS
Exploits0References1
Rows per page
Query Builder