CVE-2026-12863 is a medium-severity vulnerability (CVSS Score: 5.1) in Venueless' social login functionality. An unvalidated redirect could be exploited for phishing attacks using trusted domains. This issue requires attention from defenders of Venueless implementations to prevent potential phishing attacks. The vulnerability was published on June 22, 2026, and no changes have been made since then.
CVE-2026-12862 involves the passing of untrusted user data to Excel exports for administrators without proper sanitization, leading to a formula injection vulnerability. This vulnerability, with a CVSS score of 5.1, allows attackers to potentially compromise the environment of users who open the malicious Excel file. The vulnerability was published on June 22, 2026, and has been categorized as medium seve [truncated]
## Summary CVE-2026-9712 is a low-severity authorization bypass in pretix, an open-source ticketing software. An API endpoint for downloading export files failed to verify that the requested UUID corresponded to a file intended for download and belonged to the requesting user. This could allow an authenticated attacker with knowledge of a valid file UUID to access files they should not have permission to [truncated]