EUVD-2024-0150

Malicious code in bioql PyPI...

emacs: org-link-expand-abbrev: Do not evaluate arbitrary unsafe Elisp code

A flaw was found in Emacs. Arbitrary shell commands can be executed without prompting when an Org mode file is opened or when the Org mode is enabled, when Emacs is used as an email client, this issue can be triggered when previewing email attachments...

PYSEC-2024-180

Stored XSS in organizer and event settings of pretix up to 2024.7.0 allows malicious event organizers to inject HTML tags into e-mail previews on settings page. The default Content Security Policy of pretix prevents execution of attacker-provided scripts, making exploitation unlikely. However,...

PYSEC-2024-180

Stored XSS in organizer and event settings of pretix up to 2024.7.0 allows malicious event organizers to inject HTML tags into e-mail previews on settings page. The default Content Security Policy of pretix prevents execution of attacker-provided scripts, making exploitation unlikely. However,...

CVE-2024-8113

Stored XSS in organizer and event settings of pretix up to 2024.7.0 allows malicious event organizers to inject HTML tags into e-mail previews on settings page. The default Content Security Policy of pretix prevents execution of attacker-provided scripts, making exploitation unlikely. However,...

PT-2024-38809 · Pretix · Pretix

Name of the Vulnerable Software and Affected Versions: pretix versions up to 2024.7.0 Description: The issue allows malicious event organizers to inject HTML tags into e-mail previews on the settings page. The default Content Security Policy of pretix prevents execution of attacker-provided...