Lucene search
+L

1687 matches found

Nuclei
Nuclei
added yesterday89 views

WordPress Event Tickets < 5.2.2 - Open Redirect

WordPress Event Tickets 5.2.2 is susceptible to an open redirect vulnerability. The plugin does not validate the tribeticketsredirectto parameter before redirecting the user to the given value, leading to an arbitrary redirect issue. id: CVE-2021-25028 info: name: WordPress Event Tickets 5.2.2 -...

6.1CVSS6.5AI score0.01932EPSS
Exploits2References2
CVE
CVE
added 3 days ago7 views

CVE-2026-60118

CVE-2026-60118 affects Hi.Events up to v1.10.0-beta, where a missing server-side visibility enforcement lets unauthenticated attackers purchase hidden tickets by referencing hidden product and price IDs in order creation requests without authorization checks. Attackers can enumerate sequential hi...

6.9CVSS6.1AI score0.00235EPSS
Exploits0References5
Cvelist
Cvelist
added 3 days ago26 views

CVE-2026-60118 Hi.Events < 1.11.0 Hidden Ticket Enumeration via Order Creation Endpoint

Hi.Events before 1.11.0 contains a missing server-side visibility enforcement vulnerability that allows unauthenticated attackers to purchase hidden tickets by referencing hidden product and price IDs in order creation requests without authorization checks. Attackers can enumerate sequential hidd...

6.9CVSS0.00235EPSS
Exploits0References5
OSV
OSV
added 3 days ago3 views

CVE-2026-60118 Hi.Events < 1.11.0 Hidden Ticket Enumeration via Order Creation Endpoint

Hi.Events before 1.11.0 contains a missing server-side visibility enforcement vulnerability that allows unauthenticated attackers to purchase hidden tickets by referencing hidden product and price IDs in order creation requests without authorization checks. Attackers can enumerate sequential hidd...

6.9CVSS6.1AI score0.00235EPSS
Exploits0References8
NVD
NVD
added 4 days ago3 views

CVE-2026-57705

Missing Authorization vulnerability in Nexcess Event Tickets event-tickets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets: from n/a through = 5.28.5...

7.5CVSS0.00246EPSS
Exploits0References1
NVD
NVD
added 4 days ago3 views

CVE-2026-57400

Missing Authorization vulnerability in WP Swings Event Tickets Manager for WooCommerce event-tickets-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets Manager for WooCommerce: from n/a through = 1.5.5...

6.5CVSS0.00242EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-43316

This vulnerability is a critical Server-Side Template Injection SSTI in Centreon's centreon-open-tickets module that leads to Remote Code Execution. The messageconfirm field is stored without sanitization and rendered via Smarty with no security policy enabled, allowing any authenticated user, to...

9.6CVSS6.4AI score0.00478EPSS
Exploits0References2
NVD
NVD
added 4 days ago7 views

CVE-2026-14453

This vulnerability is a critical Server-Side Template Injection SSTI in Centreon's centreon-open-tickets module that leads to Remote Code Execution. The messageconfirm field is stored without sanitization and rendered via Smarty with no security policy enabled, allowing any authenticated user, to...

9.6CVSS0.00478EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago28 views

CVE-2026-57705 WordPress Event Tickets plugin <= 5.28.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Nexcess Event Tickets event-tickets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets: from n/a through = 5.28.5...

7.5CVSS0.00246EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago25 views

CVE-2026-57400 WordPress Event Tickets Manager for WooCommerce plugin <= 1.5.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Swings Event Tickets Manager for WooCommerce event-tickets-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets Manager for WooCommerce: from n/a through = 1.5.5...

6.5CVSS0.00242EPSS
Exploits0References1
CVE
CVE
added 4 days ago5 views

CVE-2026-57400

The CVE-2026-57400 entry concerns the WordPress plugin Event Tickets Manager for WooCommerce. A Missing Authorization vulnerability is described as due to Incorrectly Configured Access Control Security Levels, affecting the plugin’s “Event Tickets Manager for WooCommerce” component in versions up...

6.5CVSS6.1AI score0.00242EPSS
Exploits0References1
CVE
CVE
added 4 days ago11 views

CVE-2026-57705

CVE-2026-57705 affects the WordPress plugin Event Tickets (versions

7.5CVSS6.1AI score0.00246EPSS
Exploits0References1
CVE
CVE
added 4 days ago16 views

CVE-2026-14453

The CVE-2026-14453 issue is a critical Server-Side Template Injection (SSTI) in Centreon’s centreon-open-tickets module. The message_confirm field is stored without sanitization and rendered through Smarty with no security policy, allowing any authenticated user to inject and execute arbitrary co...

9.6CVSS6.4AI score0.00478EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-14453 A user with low privileges can inject SSTI templates that can lead to RCE in open-tickets

This vulnerability is a critical Server-Side Template Injection SSTI in Centreon's centreon-open-tickets module that leads to Remote Code Execution. The messageconfirm field is stored without sanitization and rendered via Smarty with no security policy enabled, allowing any authenticated user, to...

9.6CVSS0.00478EPSS
Exploits0References1
OSV
OSV
added 4 days ago3 views

CVE-2026-14453 A user with low privileges can inject SSTI templates that can lead to RCE in open-tickets

This vulnerability is a critical Server-Side Template Injection SSTI in Centreon's centreon-open-tickets module that leads to Remote Code Execution. The messageconfirm field is stored without sanitization and rendered via Smarty with no security policy enabled, allowing any authenticated user, to...

9.6CVSS6.4AI score0.00478EPSS
Exploits0References3
NVD
NVD
added last week6 views

CVE-2026-13039

The Eventin – Event Calendar, Event Registration, Tickets & Booking AI Powered plugin for WordPress is vulnerable to authorization bypass due to a regression in versions from 4.0.26 up to and including 4.1.15. This is due to the plugin not properly verifying that a user is authorized to perform a...

5.3CVSS0.00257EPSS
Exploits0References2
NVD
NVD
added 2026/07/09 7:16 a.m.7 views

CVE-2026-11875

The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sign or verify its guest-session cookie, allowing unauthenticated attackers to forge it and impersonate any ticket owner identified by email address to read, reply to, and close that person's support tickets...

5.3CVSS0.00193EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/08 3:22 p.m.5 views

WordPress Event Tickets plugin <= 5.28.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by dunvu0 in WordPress Plugin Event Tickets versions = 5.28.5...

7.5CVSS6.1AI score0.00246EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/08 10:0 a.m.4 views

WordPress Event Tickets Manager for WooCommerce plugin <= 1.5.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by okndjo in WordPress Plugin Event Tickets Manager for WooCommerce versions = 1.5.5...

6.5CVSS6.1AI score0.00242EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/07/03 10:16 a.m.9 views

CVE-2026-55952

A flaw was found in Erlang/OTP's SSL Secure Sockets Layer application. An unauthenticated remote attacker can send a specially crafted ClientHello message to a TLS 1.3 server with session tickets enabled. This can permanently disrupt the server's ability to handle session tickets, leading to a...

8.2CVSS6AI score0.00487EPSS
Exploits0References10
Rows per page
Query Builder