Search Results (5 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-13350 | 1 Pretix | 1 Venueless | 2026-06-25 | N/A |
| Permissions were checked incorrectly during room creation, allowing attackers to create rooms of types they shouldn't be allowed to create. | ||||
| CVE-2026-12862 | 1 Pretix | 1 Venueless | 2026-06-22 | N/A |
| Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula injection which can be used to compromise the environment of the user loading the file or other data in the file. | ||||
| CVE-2026-12863 | 1 Pretix | 1 Venueless | 2026-06-22 | N/A |
| An unvalidated redirect was contained in Venueless' social login functionality and could be exploited for phishing using trusted domains. | ||||
| CVE-2026-5599 | 1 Pretix | 1 Venueless | 2026-04-07 | N/A |
| A user with API access and "manage users" permission in any Venueless world is able to trigger deletion of user accounts in other worlds. | ||||
| CVE-2026-4982 | 1 Pretix | 1 Venueless | 2026-03-30 | N/A |
| A user with permission "update world" in any Venueless world is able to exfiltrate chat messages from direct messages or channels in other worlds on the same server due to a bug in the reporting feature. The exploitability is limited by the fact that the attacker needs to know the internal channel UUID of the chat channel, which is unlikely to be obtained by an outside attacker, especially for direct messages. | ||||