
5 matches found

RedhatCVE
added 2026/02/17 1:27 p.m. | 4 views

CVE-2026-2415

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant bugs: It was possible to exfiltrate information...

CVSS: 9 | AI score: 5.5 | EPSS: 0.00243
Exploits: 0 | References: 1

OSV
added 2026/02/16 12:30 p.m. | 6 views

GHSA-R8P8-QW9W-J9QV pretix unsafely evaluates variables in emails

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant bugs: - It was possible to exfiltrate informati...

CVSS: 9 | AI score: 5.5 | EPSS: 0.00243
Exploits: 0 | References: 6

OSV
added 2026/02/16 11:15 a.m. | 9 views

PYSEC-2026-110

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant bugs: It was possible to exfiltrate information...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.00243
Exploits: 0 | References: 2

Cvelist
added 2026/02/16 10:15 a.m. | 33 views

CVE-2026-2415 Unsafe variable evaluation in email templates

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant bugs: It was possible to exfiltrate information...

CVSS: 9 | EPSS: 0.00243
Exploits: 0 | References: 1

CVE
added 2026/02/16 10:15 a.m. | 15 views

CVE-2026-2415

CVE-2026-2415 affects pretix email templates where placeholders are rendered insecurely. Two issues are described: (1) information exfiltration via malicious placeholder names (e.g., {{event.init .code .co_filename}}) that can leak config data, including passwords or API keys, due to incomple...

CVSS: 9 | AI score: 5.5 | EPSS: 0.00243
Exploits: 0 | References: 1 | Affected Software: 1