Pretalx stored XSS (CVE-2026-41241)
Vulnerability
Summary
A high-severity stored XSS in Pretalx tracked as CVE-2026-41241 let registered speakers inject code that could run when an organizer searched a submission, creating organizer account compromise risk across many conference deployments.
Related Happenings
NIST/NVD risk-based CVE enrichment change
Public Sector Action
First: 16.04.2026 15:43
Last: 16.04.2026 15:43
Sources 1
About this happening:
**NIST** said the **US National Vulnerability Database (NVD)** will switch to a **risk-based CVE enrichment** model to cope with backlog growth. The change will **drop enrichment...
Cloud Software Group NetScaler urgent remediation advisory
Advisory/Mitigation
First: 25.03.2026 17:52
Last: 25.03.2026 17:52
Sources 1
About this happening:
**Cloud Software Group** issued urgent remediation guidance for **NetScaler ADC** and **NetScaler Gateway**, telling affected customers to install updated versions as soon as poss...
CISA patch guidance for Zimbra and SharePoint flaws
Advisory/Mitigation
First: 19.03.2026 08:05
Last: 19.03.2026 08:05
Sources 1
About this happening:
**CISA** told **FCEB agencies** to patch **two actively exploited vulnerabilities** in **Synacor Zimbra Collaboration Suite (ZCS)** and **Microsoft Office SharePoint**, creating i...
CISA adds two Roundcube flaws to KEV catalog
Public Sector Action
First: 21.02.2026 09:21
Last: 21.02.2026 09:21
Sources 1
About this happening:
**CISA** added **two Roundcube webmail flaws** to the **KEV catalog** after citing **active exploitation**, increasing urgency for federal remediation. **CVE-2025-49113** is a **C...
CISA KEV multi-product active exploitation wave (CVE-2020-7796)
Exploitation Wave
First: 18.02.2026 08:52
Last: 18.02.2026 08:52
Sources 1
About this happening:
**CISA** expanded its **KEV catalog** with **four actively exploited flaws**, signaling a live exploitation wave across **Chrome, TeamT5 ThreatSonar, Zimbra, and Windows Video Act...
Timeline
- 27.05.2026 17:30 · 2 articles
  Novee Security discloses stored XSS in Pretalx
  Initial Disclosure: Novee Security disclosed CVE-2026-41241, a high-severity stored XSS in Pretalx. A registered conference speaker could plant malicious code that would run when an organizer searched the speaker’s submission, creating organizer account compromise risk across many Pretalx-powered conferences. The flaw was patched in Pretalx version 2026.1.0.
- Vulnerability in Popular Conference Software Granted Attackers a 100% Talk Acceptance Rate — www.securityweek.com — 27.05.2026 17:30