Information disclosure in Pretix email template processing allows authenticated backend users to extract sensitive system data including database credentials and API keys through specially crafted placeholder syntax that bypasses existing validation controls. An attacker with email template editing permissions can leverage this vulnerability to access confidential configuration information from the system. A patch is available to address the ineffective placeholder sanitization mechanism.
Information disclosure in Pretix email template processing allows authenticated backend users to extract sensitive system data including database credentials and API keys through specially crafted placeholder syntax that bypasses existing security controls. An attacker with email template modification privileges can leverage Python object introspection to access arbitrary system configuration details. No patch is currently available for this vulnerability affecting Pretix and its Double Opt In Step extension.
Pretix email template placeholder injection enables authenticated backend users to extract sensitive system information such as database credentials and API keys through specially crafted placeholder syntax that exploits insufficient input validation. An attacker with backend access can leverage this vulnerability to enumerate system configuration details and potentially compromise infrastructure security. No patch is currently available for this medium-severity issue affecting Pretix installations.
In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform mathematical operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available, and no vendor patch is available.