16 matches found
pretix security vulnerability
Pretix is a ticketing system developed by the German company Pretix. Pretix has a security vulnerability. This vulnerability stems from including the secrets of connected gift cards during the creation of all reusable media exports. As a result, it is possible for users who create these exports t...
Improper Isolation or Compartmentalization
Overview: pretix is described as "Reinventing presales, one ticket at a time". Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the check-in events endpoint. An attacker can access sensitive information related to all check-in events under the same organizer,...
pretix-tracking-scripts (>=1.0.0 <=1.0.1) potentially affected by CVE-2026-2415 via pretix (=2024.11.0)
pretix PyPI version =2024.11.0 is affected by a known vulnerability. The following packages have a transitive dependency on pretix and may be impacted: pretix-tracking-scripts =1.0.0, =1.0.1. Source CVEs: CVE-2026-2415. Source advisory: OSV:GHSA-R8P8-QW9W-J9QV...
Dynamic Variable Evaluation
Overview: pretix is described as "Reinventing presales, one ticket at a time". Affected versions of this package are vulnerable to Dynamic Variable Evaluation via the evaluation of placeholders in email templates. An attacker can access sensitive system information, such as configuration files, database...
CVE-2026-2451 Unsafe variable evaluation in email templates
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name} is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...
pretix security vulnerability
Pretix is a ticketing software developed by the German company Pretix. Pretix has a security vulnerability, which stems from a security-related flaw in the placeholder mechanism. This flaw may allow system configuration information to be disclosed through specially crafted placeholder names,...
Authorization Bypass Through User-Controlled Key
Overview: pretix is described as "Reinventing presales, one ticket at a time". Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the UUID parameter in multiple API endpoints. An attacker can access sensitive files belonging to other users by supplying the...
EUVD-2024-0150
Malicious code in bioql PyPI...
CVE-2024-8113
Stored XSS in organizer and event settings of pretix up to 2024.7.0 allows malicious event organizers to inject HTML tags into e-mail previews on settings page. The default Content Security Policy of pretix prevents execution of attacker-provided scripts, making exploitation unlikely. However,...
PT-2024-38809 · Pretix · Pretix
Name of the Vulnerable Software and Affected Versions: pretix versions up to 2024.7.0. Description: The issue allows malicious event organizers to inject HTML tags into e-mail previews on the settings page. The default Content Security Policy of pretix prevents execution of attacker-provided...
PYSEC-2024-253
pretix before 2024.1.1 mishandles file validation...
PT-2024-21903 · Pretix · Pretix
Name of the Vulnerable Software and Affected Versions: pretix versions prior to 2024.1.1. Description: The issue is related to the mishandling of file validation. Recommendations: For versions prior to 2024.1.1, update to version 2024.1.1 or later to resolve the issue...
rami.io pretix security breach
rami.io pretix is a ticket store application for conferences, festivals, concerts, tech events, shows, exhibitions, workshops, bars, etc. from the German company rami.io. A security vulnerability exists in pretix versions prior to 2023.7.1, which stems from the fact that incorrect analysis of...
CVE-2023-44464
pretix before 2023.7.2 allows Pillow to parse EPS files...
CVE-2023-27891
rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. The fixed versions are 4.15.1, 4.16.1, and 4.17.1...
rami.io pretix code issue vulnerability
rami.io pretix is a ticket store application for conferences, festivals, concerts, tech events, shows, exhibitions, workshops, bars, etc. from the German company rami.io. A security vulnerability exists in rami.io pretix versions prior to 4.17.1. An attacker could exploit the vulnerability to...