993 matches found
CVE-2026-2452
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...
CVE-2026-2451 Unsafe variable evaluation in email templates
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...
CVE-2026-2451
CVE-2026-2451 concerns pretix: an information-exfiltration flaw via email template placeholders. When templates substitute user data (e.g., {name}), an attacker who can control templates could craft placeholders like {{event.init .code .co_filename}} to read sensitive system configuration data, p...
CVE-2026-2415 Unsafe variable evaluation in email templates
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant bugs: It was possible to exfiltrate information...
pretix 安全漏洞
Pretix is a ticketing software developed by the German company Pretix. Pretix has a security vulnerability, which stems from a security-related flaw in the placeholder mechanism. This flaw may allow system configuration information to be disclosed through specially crafted placeholder names,...
PT-2026-8333
Name of the Vulnerable Software and Affected Versions pretix affected versions not specified Description The software allows the use of placeholders in email templates that are populated with customer data. A flaw exists where specially crafted placeholder names, such as event. init . code .co...
PT-2026-8332
Name of the Vulnerable Software and Affected Versions pretix affected versions not specified Description The software allows the use of placeholders in email templates that are populated with customer data. A flaw exists where specially crafted placeholder names, such as event. init . code .co...
CVE-2020-37192 MSN Password Recovery 1.30 - XML External Entity Injection
MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. Attackers can exploit the 'Favorites' tab by injecting a malicious XML file that references external entities to retrieve sensitive system...
CVE-2026-2250 Unauthenticated Data Export and Source Code Disclosure via /dbviewer/ in METIS WIC
The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing malformed requests...
CVE-2026-2250
The /dbviewer/ web endpoint in METIS WIC devices is exposed without authentication. A remote attacker can access and export the internal telemetry SQLite database containing sensitive operational data. Additionally, the application is configured with debug mode enabled, causing malformed requests...
[SECURITY] Fedora 42 Update: rust-resctl-bench-2.2.5-10.fc42
resctl-bench is a collection of whole-system benchmarks to evaluate resource control and hardware behaviors using realistic simulated workloads. Comprehensive resource control involves the whole system. Furthermore, testing resource control end-to-end requires scenarios involving realistic...
CVE-2026-25872
JUNG Smart Panel KNX firmware version L1.12.22 and prior contain an unauthenticated path traversal vulnerability in the embedded web interface. The application fails to properly validate file path input, allowing remote, unauthenticated attackers to access arbitrary files on the underlying...
CVE-2026-23681
Due to missing authorization check in a function module in SAP Support Tools Plug-In, an authenticated attacker could invoke specific function modules to retrieve information about the system and its configuration. This disclosure of the system information could assist the attacker to plan...
CVE-2026-25751
FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. Exploitation allows an unauthenticated, remote attacker to obtain the full...
CVE-2026-25751
FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. Exploitation allows an unauthenticated, remote attacker to obtain the full...
CVE-2026-25751
FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. Exploitation allows an unauthenticated, remote attacker to obtain the full...
CVE-2026-25751 FUXA Unauthenticated Exposure of Plaintext Database Credentials
FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. Exploitation allows an unauthenticated, remote attacker to obtain the full...
CVE-2026-25751 FUXA Unauthenticated Exposure of Plaintext Database Credentials
FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. Exploitation allows an unauthenticated, remote attacker to obtain the full...
CVE-2026-25751
CVE-2026-25751 affects FUXA up to version 1.2.9 and is a information-disclosure flaw that exposes sensitive administrative credentials for InfluxDB, enabling an attacker to obtain the full system configuration and potentially authenticate to the database to read/modify/delete data or cause DoS. T...
PT-2026-6661
Name of the Vulnerable Software and Affected Versions FUXA versions through 1.2.9 Description An information disclosure issue in FUXA allows a remote, unauthenticated attacker to obtain sensitive administrative database credentials. Exploitation allows an attacker to access the full system...