Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/02/17 1:27 p.m.6 views

CVE-2026-2452

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...

9CVSS5.6AI score0.00258EPSS
Exploits0References1
PyPA
PyPA
added 2026/02/16 11:15 a.m.8 views

PYSEC-2026-110

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant bugs: It was possible to exfiltrate information...

9CVSS5.8AI score0.00243EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/16 12:0 a.m.7 views

PT-2026-8332

Name of the Vulnerable Software and Affected Versions pretix affected versions not specified Description The software allows the use of placeholders in email templates that are populated with customer data. A flaw exists where specially crafted placeholder names, such as event. init . code .co...

9CVSS5.8AI score0.00258EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/12/05 3:27 p.m.4 views

CVE-2025-13353

In gokey versions 0.2.0, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed. This issue has been fixed in gokey version 0.2.0. This is a breaking change. The fix has invalidated any...

7.1CVSS7.2AI score0.00145EPSS
Exploits0References1
Rows per page
Query Builder