Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.9 views

CVE-2026-41426

pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered emails from a pretalx instance's configured sender address by embedding malformed HTML or markdown link syntax in a user-controlled template placeholder such as the account displ...

6.1CVSS5.6AI score0.00154EPSS
Exploits0References1
HackRead
HackRead
added 2026/06/01 12:54 p.m.16 views

Zero-Click pretalx XSS Flaw Lets Hackers Hijack Conference Organizer Accounts

pretalx XSS flaw lets attackers hijack conference organizer accounts, steal sessions, auto-accept talks, and demote admins. Patched in v2026.1.0...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/04/23 6:30 p.m.12 views

EUVD-2026-25273

pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown using innerHTML string interpolation. Any user who controls one of those fields which includes an...

8.7CVSS5.8AI score0.00166EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-0206

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.06648EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/05/23 3:36 a.m.4 views

CVE-2023-28459

pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export a non-default feature. Users were able to upload crafted HTML documents that trigger the reading of arbitrary files...

6.5CVSS6.8AI score0.06648EPSS
Exploits1References1
Circl
Circl
added 2023/04/21 12:31 a.m.5 views

CVE-2023-28458

creationtimestamp| type| source ---|---|--- 2023-04-21 00:31:05+00:00| seen| https://t.me/cibsecurity/62560 2025-08-27 20:55:20+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/pretalxrcecve202328458.rb 2025-10-23 21:13:01+00:00| seen|...

4.3CVSS4.6AI score0.03429EPSS
Exploits3References2
Positive Technologies
Positive Technologies
added 2023/04/20 12:0 a.m.2 views

PT-2023-21731 · Pretalx · Pretalx

Name of the Vulnerable Software and Affected Versions: pretalx versions 2.3.1 through 2.3.1 Description: The issue allows path traversal in HTML export, a non-default feature. Organizers can trigger the overwriting of an arbitrary file with the standard pretalx 404 page content. Recommendations:...

5.3CVSS4.5AI score0.03429EPSS
Exploits3References12
Rows per page
Query Builder