Lucene search
K

17 matches found

RedhatCVE
RedhatCVE
added 2026/02/17 1:27 p.m.5 views

CVE-2026-2451

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...

9CVSS5.6AI score0.00258EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/17 1:27 p.m.6 views

CVE-2026-2452

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...

9CVSS5.6AI score0.00258EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/17 1:27 p.m.4 views

CVE-2026-2415

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant bugs: It was possible to exfiltrate information...

9CVSS5.5AI score0.00243EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/16 12:30 p.m.13 views

EUVD-2026-6097

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant bugs: It was possible to exfiltrate information...

9CVSS5.5AI score0.00243EPSS
Exploits0References2
NVD
NVD
added 2026/02/16 11:15 a.m.7 views

CVE-2026-2415

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant bugs: It was possible to exfiltrate information...

9CVSS0.00243EPSS
Exploits0References1
NVD
NVD
added 2026/02/16 11:15 a.m.8 views

CVE-2026-2451

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...

9CVSS0.00258EPSS
Exploits0References1
NVD
NVD
added 2026/02/16 11:15 a.m.8 views

CVE-2026-2452

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...

9CVSS0.00258EPSS
Exploits0References1
OSV
OSV
added 2026/02/16 11:15 a.m.9 views

PYSEC-2026-110

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant bugs: It was possible to exfiltrate information...

5.9CVSS5.8AI score0.00243EPSS
Exploits0References2
OSV
OSV
added 2026/02/16 11:15 a.m.4 views

CVE-2026-2451

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...

6.5CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2026/02/16 11:15 a.m.3 views

CVE-2026-2415

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant bugs: It was possible to exfiltrate information...

5.9CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2026/02/16 11:15 a.m.2 views

CVE-2026-2452

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...

6.5CVSS5.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/16 10:16 a.m.4 views

CVE-2026-2452

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...

9CVSS5.6AI score0.00258EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/02/16 10:15 a.m.15 views

CVE-2026-2415

The CVE-2026-2415 affects pretix email templates where placeholders are rendered insecurely. Two issues are described: (1) information exfiltration via malicious placeholder names (e.g., {{event.init .code .co_filename}}) that can leak config data, including passwords or API keys, due to incomple...

9CVSS5.5AI score0.00243EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/16 12:0 a.m.8 views

PT-2026-8331

Name of the Vulnerable Software and Affected Versions pretix affected versions not specified Description The pretix software contains flaws in its email placeholder mechanism. This mechanism allows for the insertion of customer data into emails using placeholders. Two security issues were...

9CVSS5.9AI score0.00243EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/02/16 12:0 a.m.9 views

PT-2026-8333

Name of the Vulnerable Software and Affected Versions pretix affected versions not specified Description The software allows the use of placeholders in email templates that are populated with customer data. A flaw exists where specially crafted placeholder names, such as event. init . code .co...

9CVSS5.5AI score0.00258EPSS
Exploits0References8
EUVD
EUVD
added 2025/11/27 12:30 p.m.6 views

EUVD-2025-199816

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. If the name of the attendee contained HTML or Markdown formatting, this was rendered as HTML i...

6.1CVSS5.5AI score0.00155EPSS
Exploits0References2
NVD
NVD
added 2025/11/27 11:15 a.m.5 views

CVE-2025-13742

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. If the name of the attendee contained HTML or Markdown formatting, this was rendered as HTML i...

6.1CVSS0.00155EPSS
Exploits0References1
Rows per page
Query Builder