Vulnerability in Popular Conference Software Granted Attackers a 100% Talk Acceptance Rate
Novee researchers discovered an account takeover vulnerability in the open source CFP management tool Pretalx. The post Vulnerability in Popular Conference Software Granted Attackers a 100% Talk Acceptance Rate appeared first on SecurityWeek.

Researchers at Novee Security have disclosed a high-severity vulnerability in Pretalx, an open source platform that powers the call-for-papers (CFP) and scheduling processes for many technical conferences worldwide.
The flaw, tracked as CVE-2026-41241 and described as a stored XSS issue, allowed any registered conference speaker to plant malicious code that would silently execute the moment an organizer searched for the attacker’s submission.
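The mechanism described above, a speaker-controlled submission field that an organizer-facing search page renders unescaped, is the classic stored XSS shape. The following is an added illustration, not Pretalx code and not based on the Novee write-up's details: a constructed in-memory list of submissions, a search function, the unsafe rendering that lets speaker-supplied markup reach the organizer's browser, its hardened counterpart using `html.escape`, and a small detection helper a reviewer or test suite could use to catch foreign tags in rendered output. All names, data and the sample payload are assumptions made up for this example.

```python
"""Added illustration (not Pretalx code): why search results built from
speaker-supplied text must be HTML-escaped before reaching an organizer's
browser. The markup in SUBMISSIONS is a constructed, inert sample string."""
import html
import re

# Constructed sample submissions, shaped like rows an organizer search view
# might pull from the CFP database. Field names are assumptions.
SUBMISSIONS = [
    {"code": "ABC123", "title": "Hardening CI pipelines", "speaker": "A. Speaker"},
    # A speaker-controlled title carrying markup (constructed sample payload).
    {"code": "XSS001", "title": "<script>alert(1)</script>Talk", "speaker": "B. Speaker"},
]


def search(query):
    """Case-insensitive substring match over title and speaker, as a
    search view might do it. The match itself is not the problem; rendering is."""
    q = query.lower()
    return [s for s in SUBMISSIONS
            if q in s["title"].lower() or q in s["speaker"].lower()]


def render_results_vulnerable(results):
    """Builds the result table by plain string formatting, so whatever a
    speaker typed into the title is emitted as live HTML."""
    rows = ["<tr><td>{code}</td><td>{title}</td><td>{speaker}</td></tr>".format(**s)
            for s in results]
    return "<table>" + "".join(rows) + "</table>"


def render_results_hardened(results):
    """Escapes every user-controlled field (quote=True also neutralises
    attribute-breakout quotes) before it is placed into the markup."""
    rows = []
    for s in results:
        cells = "".join("<td>%s</td>" % html.escape(str(s[k]), quote=True)
                        for k in ("code", "title", "speaker"))
        rows.append("<tr>%s</tr>" % cells)
    return "<table>" + "".join(rows) + "</table>"


# Any tag that is not one of the template's own <table>, <tr>, <td> (or their
# closing forms) must have come from user data.
TAG_RE = re.compile(r"<(?!/?(table|tr|td)\b)[a-zA-Z]")


def contains_foreign_markup(rendered):
    """Detection helper for tests or output review: True if the rendered page
    contains a tag the template itself did not put there."""
    return TAG_RE.search(rendered) is not None


if __name__ == "__main__":
    hits = search("talk")
    print("vulnerable leaks markup:", contains_foreign_markup(render_results_vulnerable(hits)))
    print("hardened leaks markup:  ", contains_foreign_markup(render_results_hardened(hits)))
```

The defensive point is that escaping belongs at the output boundary for every field a speaker can set, not just the obvious ones; a template engine with autoescaping on by default achieves the same thing, and the `contains_foreign_markup` check is the kind of assertion a regression test can run over rendered organizer pages.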
