136 matches found
pretix 安全漏洞
Pretix is a ticketing system developed by the German company Pretix. Pretix has a security vulnerability. This vulnerability stems from including the secrets of connected gift cards during the creation of all reusable media exports. As a result, it is possible for users who create these exports t...
CVE-2026-9712
When creating an export through the pretix API, API clients are returned an UUID value for their export job a long, random string like 35742818-c375-4d15-839f-d49aecce94d6. Using this UUID, the API client can then request the actual file for download. The same kind of UUID is used in other places...
CVE-2026-9712 Insecure direct object reference
When creating an export through the pretix API, API clients are returned an UUID value for their export job a long, random string like 35742818-c375-4d15-839f-d49aecce94d6. Using this UUID, the API client can then request the actual file for download. The same kind of UUID is used in other places...
CVE-2026-9712 Insecure direct object reference
When creating an export through the pretix API, API clients are returned an UUID value for their export job a long, random string like 35742818-c375-4d15-839f-d49aecce94d6. Using this UUID, the API client can then request the actual file for download. The same kind of UUID is used in other places...
CVE-2026-9712
CVE-2026-9712 concerns the pretix API where exporting creates a UUID for the export job and later a download request uses that UUID. The root cause is that one API endpoint did not verify that the download UUID actually corresponds to a file that is downloadable and belongs to the correct user. T...
pretix 安全漏洞
Pretix is a ticketing system developed by the German company Pretix. There is a security vulnerability in Pretix. This vulnerability stems from an API endpoint that does not verify whether the UUID used for downloading corresponds to the file that should be downloaded and whether it belongs to th...
pretix: API leaks check-in data between events of the same organizer
A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allows an API consumer to access information for all other events under the same organizer, even those th...
GHSA-WR8Q-C73G-M7GP pretix: API leaks check-in data between events of the same organizer
A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allows an API consumer to access information for all other events under the same organizer, even those th...
PYSEC-2026-111
A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allows an API consumer to access information for all other events under the same organizer, even those th...
Improper Isolation or Compartmentalization
Overview pretix is a Reinventing presales, one ticket at a time Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the check-in events endpoint. An attacker can access sensitive information related to all check-in events under the same organizer,...
CVE-2026-5600
A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allows an API consumer to access information for all other events under the same organizer, even those th...
CVE-2026-5600
A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allows an API consumer to access information for all other events under the same organizer, even those th...
pretix 安全漏洞
Pretix is a ticketing system developed by the German company Pretix. The pretix 2025 version contains a security vulnerability. This vulnerability stems from the API endpoint returning information about all organizers’ sign-in events. As a result, API users may access event information that shoul...
Pretix Unsafely Evaluates Variables In Emails
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when "name" is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant bugs: - It was possible to exfiltrate...
CVE-2026-2452
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...
CVE-2026-2451
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...
CVE-2026-2415
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant bugs: It was possible to exfiltrate information...
EUVD-2026-6095
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...
EUVD-2026-6097
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant bugs: It was possible to exfiltrate information...
EUVD-2026-6096
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...