Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

62 matches found

RedhatCVE
RedhatCVEadded yesterday2 views

CVE-2026-41426

pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered emails from a pretalx instance's configured sender address by embedding malformed HTML or markdown link syntax in a user-controlled template placeholder such as the account displ...

6.1CVSS5.6AI score0.00048EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded yesterday2 views

CVE-2026-41241

pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields which includes an...

8.7CVSS5.6AI score0.00044EPSS
Exploits0References1
HackRead
HackReadadded 5 days ago13 views

Zero-Click pretalx XSS Flaw Lets Hackers Hijack Conference Organizer Accounts

pretalx XSS flaw lets attackers hijack conference organizer accounts, steal sessions, auto-accept talks, and demote admins. Patched in v2026.1.0...

5.8AI score
Exploits0
OSV
OSVadded 2026/04/24 8:16 p.m.5 views

PYSEC-2026-109

pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered emails from a pretalx instance's configured sender address by embedding malformed HTML or markdown link syntax in a user-controlled template placeholder such as the account displ...

6.1CVSS5.9AI score0.00048EPSS
Exploits0References1
NVD
NVDadded 2026/04/24 8:16 p.m.0 views

CVE-2026-41426

pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered emails from a pretalx instance's configured sender address by embedding malformed HTML or markdown link syntax in a user-controlled template placeholder such as the account displ...

6.1CVSS0.00048EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/04/24 7:15 p.m.3 views

CVE-2026-41426

pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered emails from a pretalx instance's configured sender address by embedding malformed HTML or markdown link syntax in a user-controlled template placeholder such as the account displ...

6.1CVSS5.6AI score0.00048EPSS
Exploits0References2Affected Software1
CVE
CVEadded 2026/04/24 7:15 p.m.6 views

CVE-2026-41426

CVE-2026-41426 affects pretalx (prior to 2026.1.0). An unauthenticated attacker can inject arbitrary HTML-rendered emails by embedding malformed HTML or markdown in a user-controlled template placeholder (e.g., account display name). The most direct vector is the password-reset flow: attacker cre...

6.1CVSS5.6AI score0.00048EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/24 7:15 p.m.2 views

CVE-2026-41426 pretalx: Email injection via unescaped user-controlled placeholders in pretalx mail templates

pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered emails from a pretalx instance's configured sender address by embedding malformed HTML or markdown link syntax in a user-controlled template placeholder such as the account displ...

6.1CVSS5.5AI score0.00048EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/04/24 7:15 p.m.29 views

CVE-2026-41426 pretalx: Email injection via unescaped user-controlled placeholders in pretalx mail templates

pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered emails from a pretalx instance's configured sender address by embedding malformed HTML or markdown link syntax in a user-controlled template placeholder such as the account displ...

6.1CVSS0.00048EPSS
Exploits0References1
EUVD
EUVDadded 2026/04/24 7:15 p.m.0 views

EUVD-2026-25616

pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered emails from a pretalx instance's configured sender address by embedding malformed HTML or markdown link syntax in a user-controlled template placeholder such as the account displ...

6.1CVSS5.6AI score0.00048EPSS
Exploits0References1
CNNVD
CNNVDadded 2026/04/24 12:0 a.m.5 views

pretalx 跨站脚本漏洞

pretalx is an open-source meeting planning tool developed by pretalx. It focuses on providing the best experience for organizers, speakers, reviewers, and participants. Versions of pretalx prior to 2026.1.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from...

6.1CVSS5.8AI score0.00048EPSS
Exploits0References1
OSV
OSVadded 2026/04/23 7:17 p.m.5 views

PYSEC-2026-108

pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields which includes an...

5.4CVSS5.9AI score0.00044EPSS
Exploits0References1
NVD
NVDadded 2026/04/23 7:17 p.m.0 views

CVE-2026-41241

pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields which includes an...

8.7CVSS0.00044EPSS
Exploits0References1
PyPA
PyPAadded 2026/04/23 7:17 p.m.12 views

PYSEC-2026-108

pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields which includes an...

8.7CVSS5.9AI score0.00044EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/04/23 6:30 p.m.3 views

CVE-2026-41241

pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields which includes an...

8.7CVSS5.8AI score0.00044EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/04/23 6:30 p.m.27 views

CVE-2026-41241 pretalx: Stored cross-site scripting in organiser search typeahead

pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields which includes an...

8.7CVSS0.00044EPSS
Exploits0References1
CVE
CVEadded 2026/04/23 6:30 p.m.3 views

CVE-2026-41241

CVE-2026-41241 affects pretalx prior to 2026.1.0. The organiser search typeahead stored results render titles, speaker display names, and user names/emails via innerHTML string interpolation, enabling stored cross-site scripting if a user controls one of those fields. This could allow HTML/JavaSc...

8.7CVSS5.8AI score0.00044EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/23 6:30 p.m.0 views

CVE-2026-41241 pretalx: Stored cross-site scripting in organiser search typeahead

pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields which includes an...

8.7CVSS5.8AI score0.00044EPSS
Exploits0References1
EUVD
EUVDadded 2026/04/23 6:30 p.m.4 views

EUVD-2026-25273

pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields which includes an...

8.7CVSS5.8AI score0.00044EPSS
Exploits0References1
CNNVD
CNNVDadded 2026/04/23 12:0 a.m.5 views

pretalx 跨站脚本漏洞

pretalx is an open-source meeting planning tool developed by pretalx. It focuses on providing the best experience for organizers, speakers, reviewers, and participants. Versions of pretalx prior to 2026.1.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of...

8.7CVSS5.7AI score0.00044EPSS
Exploits0References1
Rows per page
Query Builder