8 matches found

Cvelist
added 2026/02/16 10:16 a.m., 30 views

CVE-2026-2451 Unsafe variable evaluation in email templates

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...

CVSS 9, EPSS 0.00258
Exploits 0, References 1

Snyk
added 2025/12/11 10:7 p.m., 2 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview: fof/pretty-mail is a package that creates HTML email for Flarum. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the email template processing. An authenticated attacker with admin privileges can execute arbitrary system...

CVSS 8.6, AI score 7, EPSS 0.0053
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2023-2677

Malicious code in bioql PyPI...

CVSS 8.8, AI score 9, EPSS 0.00858
Exploits 1, References 4

RedhatCVE
added 2025/09/07 2:32 p.m., 4 views

CVE-2025-58800

Cross-Site Request Forgery (CSRF) vulnerability in Steve Truman WP Email Template wp-email-template allows Cross Site Request Forgery. This issue affects WP Email Template: from n/a through = 2.8.6...

CVSS 4.3, AI score 5.7, EPSS 0.00131
Exploits 0, References 1

RedhatCVE
added 2025/05/23 9:43 a.m., 9 views

CVE-2024-23761

Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via a crafted Smarty email template...

CVSS 9.8, AI score 7.7, EPSS 0.00659
Exploits 1, References 1

Cvelist
added 2024/01/04 2:39 p.m., 27 views

CVE-2023-3726 OCSInventory-ocsreports 2.12.0 - Stored Cross-Site Scripting

OCSInventory allows stored email templates with special characters that lead to stored cross-site scripting...

CVSS 6.9, AI score 6.6, EPSS 0.00544
Exploits 1, References 2

Vulnrichment
added 2024/01/04 2:39 p.m., 8 views

CVE-2023-3726 OCSInventory-ocsreports 2.12.0 - Stored Cross-Site Scripting

OCSInventory allows stored email templates with special characters that lead to stored cross-site scripting...

CVSS 6.9, AI score 6.4, EPSS 0.00544
Exploits 1, References 2

CNVD
added 2020/06/22 12:0 a.m., 3 views

Unspecified Vulnerability in Mattermost Server (CNVD-2020-48242)

Mattermost Server is an open source messaging platform from the US company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 4.2.0, 4.1.1, and 4.0.5, which stems from the program not neutralizing the HTML content of a field in an email template. An...

CVSS 6.1, AI score 6.6, EPSS 0.0069
Exploits 0, References 1