Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

OSV
OSVadded 2026/03/23 10:45 p.m.0 views

CVE-2026-33046 Indico discloses local files resulting in Remote Code Execution through LaTeX injection

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.12, due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaT...

7.7CVSS6AI score0.00114EPSS
Exploits0References8
Positive Technologies
Positive Technologiesadded 2026/03/23 12:0 a.m.2 views

PT-2026-27251

!NOTE If server-side LaTeX rendering is not in use ie XELATEX PATH was not set in indico.conf, this vulnerability does not apply. Impact Due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaTeX...

7.7CVSS6AI score0.00114EPSS
Exploits0References11
Github Security Blog
Github Security Blogadded 2025/09/10 8:27 p.m.6 views

Indico may disclose unauthorized user details access via legacy API

Impact A legacy API to retrieve user details could be misused to retrieve profile details of other users without having admin permissions due to a broken access check. Patches You should to update to Indico 3.3.8 as soon as possible. See the docs for instructions on how to update. Workarounds It ...

4.3CVSS6.8AI score0.00052EPSS
Exploits0References4Affected Software1
NVD
NVDadded 2025/09/10 4:15 p.m.1 views

CVE-2025-59035

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, there is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions. Users should to update to Indico 3.3.8 as...

5.4CVSS0.0004EPSS
Exploits0References2
Cvelist
Cvelistadded 2025/09/10 4:1 p.m.5 views

CVE-2025-59034 Indico may disclose unauthorized user details access via legacy API

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, a legacy API to retrieve user details could be misused to retrieve profile details of other users without having admin permissions due to a broken access check...

4.3CVSS0.00052EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2025/09/10 12:0 a.m.4 views

PT-2025-37074

Name of the Vulnerable Software and Affected Versions: Indico versions prior to 3.3.8 Description: Indico is an event management system that utilizes Flask-Multipass, a multi-backend authentication system for Flask. A broken access check in a legacy API used to retrieve user details allowed...

4.3CVSS6.5AI score0.00052EPSS
Exploits0References8
Rows per page
Query Builder