Indico has a missing access check in the event series management API

Impact The API endpoint used to manage event series is missing an access check, allowing unauthenticated/unauthorized access to this endpoint. The impact of this is limited to: - Getting the metadata title, category chain, start/end date for events in an existing series - Deleting an existing eve...

GHSA-RFPP-2HGM-GP5V Indico has a missing access check in the event series management API

Impact The API endpoint used to manage event series is missing an access check, allowing unauthenticated/unauthorized access to this endpoint. The impact of this is limited to: - Getting the metadata title, category chain, start/end date for events in an existing series - Deleting an existing eve...

Missing Authentication for Critical Function

Overview indico is a conference lifecycle management and meeting/lecture scheduling tool. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the event series management API endpoint. An attacker can retrieve event metadata, delete, or modify event...

CVE-2026-28352

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.11, the API endpoint used to manage event series is missing an access check, allowing unauthenticated/unauthorized access to this endpoint. The impact of this ...

CVE-2026-28352 Indico missing access check in event series management API

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.11, the API endpoint used to manage event series is missing an access check, allowing unauthenticated/unauthorized access to this endpoint. The impact of this ...

EUVD-2026-9071

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.11, the API endpoint used to manage event series is missing an access check, allowing unauthenticated/unauthorized access to this endpoint. The impact of this ...

Indico 访问控制错误漏洞

Indico is an open-source event management system with rich functionality. Versions of Indico prior to 3.3.11 contained a access control vulnerability; this vulnerability stemmed from the lack of access checks in the event series management API endpoints, which could allow unauthorized access...

EUVD-2022-44805

Malicious code in bioql PyPI...

CVE-2022-41614

Insufficiently protected credentials in the IntelR ON Event Series Android application before version 2.0 may allow an authenticated user to potentially enable information disclosure via local access...

Information disclosure

Insufficiently protected credentials in the IntelR ON Event Series Android application before version 2.0 may allow an authenticated user to potentially enable information disclosure via local access...

CVE-2022-41614

Insufficiently protected credentials in the IntelR ON Event Series Android application before version 2.0 may allow an authenticated user to potentially enable information disclosure via local access...

CVE-2022-41614

Insufficiently protected credentials in the IntelR ON Event Series Android application before version 2.0 may allow an authenticated user to potentially enable information disclosure via local access...

CVE-2022-41614

CVE-2022-41614 affects Intel® ON Event Series Android application prior to version 2.0. The issue is described as insufficiently protected credentials that may allow an authenticated user to disclose information via local access. The vulnerability impact is consistent with a local attack where cr...

Intel ON Event Series 安全漏洞

Intel ON Event Series is a mobile application from Intel Corporation USA. A security vulnerability exists in Intel ON Event Series versions prior to 2.0 that stems from insufficiently protected credentials. An attacker could exploit the vulnerability to cause information disclosure...

Intel® ON Event Series Android App Advisory

Summary: A potential security vulnerability in the Intel® ON Event Series Android application may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2022-41614 Description: Insufficiently protected...