| CVE-2026-41426 |
medium |
6.1 |
6.1 |
|
|
|
1mo ago |
pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered emails from a pretalx instance's configured sender address by embedding malforme… |
| CVE-2026-41241 |
medium |
5.4 |
5.4 |
|
|
|
1mo ago |
pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown… |
| CVE-2023-28458 |
unknown |
— |
1.0 |
|
|
|
3y ago |
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Organizers can trigger the overwriting (with the standard pretalx 404 page content) of an arbitrary file. |
| CVE-2023-28459 |
unknown |
— |
1.0 |
|
|
|
3y ago |
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Users were able to upload crafted HTML documents that trigger the reading of arbitrary files. |
