
4 matches found

GitHub Security Blog
added 2026/02/16 12:30 p.m., 4 views

pretix unsafely evaluates variables in emails

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant bugs: - It was possible to exfiltrate informati...

CVSS: 9, AI score: 5.5, EPSS: 0.00048
Exploits: 0, References: 6, Affected Software: 1

EUVD
added 2026/02/16 12:30 p.m., 9 views

EUVD-2026-6096

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...

CVSS: 9, AI score: 5.6, EPSS: 0.00082
Exploits: 2, References: 8

ATTACKERKB
added 2026/02/16 10:16 a.m., 3 views

CVE-2026-2451

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...

CVSS: 9, AI score: 5.6, EPSS: 0.00048
Exploits: 0, References: 2, Affected Software: 1

GitHub Security Blog
added 2025/11/27 12:30 p.m., 4 views

pretix has Email Content Injection Through Maliciously Formatted Names

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. If the name of the attendee contained HTML or Markdown formatting, this was rendered as HTML i...

CVSS: 6.1, AI score: 5.4, EPSS: 0.00028
Exploits: 0, References: 6, Affected Software: 1