CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

18 matches found

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-27579

Malicious code in bioql PyPI...

4.3CVSS6.3AI score0.00052EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-0078

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.00809EPSS

Exploits0References6

NVD•added 2025/09/10 4:15 p.m.•3 views

CVE-2025-59034

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, a legacy API to retrieve user details could be misused to retrieve profile details of other users without having admin permissions due to a broken access check...

4.3CVSS0.00052EPSS

Exploits0References2

NVD•added 2025/07/14 9:15 p.m.•3 views

CVE-2025-53640

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Starting in version 2.2 and prior to version 3.3.7, an endpoint used to display details of users listed in certain fields such as ACLs could be misused to dump basic user details such ...

6.5CVSS0.00174EPSS

Exploits2References6

Cvelist•added 2025/07/14 8:14 p.m.•8 views

CVE-2025-53640 Indico vulnerable to user enumeration via API endpoint

5.3CVSS0.00174EPSS

Exploits2References4

OSV•added 2025/07/14 8:14 p.m.•4 views

CVE-2025-53640 Indico vulnerable to user enumeration via API endpoint

5.3CVSS6.6AI score0.00174EPSS

Exploits2References8

CVE•added 2025/07/14 8:14 p.m.•23 views

CVE-2025-53640

CVE-2025-53640 – Indico user details disclosure via API/endpoint . Indico (event management platform) uses Flask-Multipass for authentication. Until fixed in v3.3.7, a specific endpoint that presents user details in fields such as ACLs could be abused to bulk-dump basic user data (name, affiliati...

6.5CVSS7.3AI score0.00174EPSS

Exploits2References6Affected Software1

CNNVD•added 2025/07/14 12:0 a.m.•1 views

Indico 安全漏洞

Indico is a feature-rich event management system from Indico Open Source. A security vulnerability exists in Indico versions prior to 3.3.7, which stems from Flask-Multipass having user details leaked...

6.5CVSS6.4AI score0.00174EPSS

Exploits2References5

RedhatCVE•added 2025/05/23 10:32 a.m.•5 views

CVE-2024-45399

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In Indico prior to version 3.3.4, corresponding to Flask-Multipass prior to version 0.5.5, there is a Cross-Site-Scripting vulnerability during account creation when redirecting to the...

6.1CVSS7AI score0.00809EPSS

Exploits0

NVD•added 2024/09/04 8:15 p.m.•7 views

CVE-2024-45399

6.1CVSS0.00809EPSS

Exploits0References4

PyPA•added 2024/09/04 8:15 p.m.•6 views

PYSEC-2024-90

6.1CVSS7AI score0.00809EPSS

Exploits0References4Affected Software1

OSV•added 2024/09/04 8:15 p.m.•6 views

PYSEC-2024-90

6.1CVSS6.3AI score0.00809EPSS

Exploits0References4

Vulnrichment•added 2024/09/04 8:12 p.m.•13 views

CVE-2024-45399 Indico has a Cross-Site-Scripting during account creation

4.3CVSS7AI score0.00809EPSS

Exploits0References4

Cvelist•added 2024/09/04 8:12 p.m.•16 views

CVE-2024-45399 Indico has a Cross-Site-Scripting during account creation

4.3CVSS0.00809EPSS

Exploits0References4

OSV•added 2024/09/04 8:12 p.m.•7 views

CVE-2024-45399 Indico has a Cross-Site-Scripting during account creation

4.3CVSS6.7AI score0.00809EPSS

Exploits0References6

CVE•added 2024/09/04 8:12 p.m.•49 views

CVE-2024-45399

Indico prior to version 3.3.4 (Flask-Multipass = 0.5.5, which fixes the issue. If upgrading is not possible, mitigate by updating flask-multipass to >= 0.5.5 or configuring the web server to disallow query strings with a next parameter starting with javascript:.

6.1CVSS5.4AI score0.00809EPSS

Exploits0References4Affected Software1

OSV•added 2024/09/04 5:19 p.m.•11 views

GHSA-RRQF-W74J-24FF Indico has a Cross-Site-Scripting during account creation

Impact There is a Cross-Site-Scripting vulnerability during account creation when redirecting after the account has been successfully created. Exploitation requires the user to initiate the account creation process with a maliciously crafted link, and then finalize the signup process. Because of...

6.1CVSS5.5AI score0.00809EPSS

Exploits0References7

Positive Technologies•added 2024/09/04 12:0 a.m.•2 views

PT-2024-31603 · Unknown +1 · Flask-Multipass +1

Name of the Vulnerable Software and Affected Versions: Indico versions prior to 3.3.4 Flask-Multipass versions prior to 0.5.5 Description: There is a Cross-Site-Scripting issue during account creation when redirecting to the next URL. Exploitation requires initiating the account creation process...

6.1CVSS7.1AI score0.00809EPSS

Exploits0References13

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by