| CVE-2026-5600 | unknown | — | — | | | | 2mo ago | A new API endpoint introduced in pretix 2025 that is supposed to return all check-in events of a specific event in fact returns all check-in events belonging to the respective organizer. This allow… |
| CVE-2026-2415 | unknown | — | — | | | | 3mo ago | Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name} is used in an email template, it will be replaced with the buyer's name for the fina… |
| CVE-2025-14881 | unknown | — | — | | | | 5mo ago | pretix has Broken Access Control Allowing Cross-User File Access via UUID |
| CVE-2025-14882 | unknown | — | — | | | | 5mo ago | pretix has Broken Access Control Allowing Cross-User File Access via UUID |
| CVE-2025-13742 | unknown | — | — | | | | 6mo ago | Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name} is used in an email template, it will be replaced with the buyer's name for the final e… |
| CVE-2024-8113 | unknown | — | — | | | | 2y ago | Stored XSS in organizer and event settings of pretix up to 2024.7.0 allows malicious event organizers to inject HTML tags into e-mail previews on settings page. The default Content Security Policy of… |
| CVE-2024-27447 | unknown | — | — | | | | 2y ago | pretix before 2024.1.1 mishandles file validation. |
| CVE-2023-44463 | unknown | — | — | | | | 3y ago | An issue was discovered in pretix before 2023.7.1. Incorrect parsing of configuration files causes the application to trust unchecked X-Forwarded-For headers even though it has not been configured to… |
| CVE-2023-44464 | unknown | — | — | | | | 3y ago | pretix allows Pillow to parse EPS files |
| CVE-2023-27891 | unknown | — | — | | | | 3y ago | rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. The fixed versions are 4.15.1, 4.16.1, and 4.17.1. |