TODAY , four active exploits were detected, including vulnerabilities in JoomShaper and Adobe ColdFusion. Notably, pretix software has two critical vulnerabilities: CVE-2026-13602 involves session takeover, and CVE-2026-13603 concerns an SSRF with API key leak. Both flaws have critical CVSS ratings, with patches available in recent versions (2026.3.5, 2026.4.5, and 2026.5.3).
The pretix team discovered these vulnerabilities during internal reviews, and although no confirmed exploitation has occurred, urgent updates are advised due to potential data breaches. Administrators should also monitor for potential abuse linked to the existing flaws.