7 matches found

Source: OSV, added 2026/03/23 8:43 p.m., 2 views

GHSA-RM2Q-F7JV-3CFP Indico discloses local files resulting in Remote Code Execution through LaTeX injection

Note: If server-side LaTeX rendering is not in use (i.e. XELATEXPATH was not set in indico.conf), this vulnerability does not apply. Impact: Due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaTeX...

CVSS 7.7 | AI score 6 | EPSS 0.00782 | Exploits 0 | References 8

Source: Github Security Blog, added 2026/03/01 1:24 a.m., 7 views

Indico has a missing access check in the event series management API

Impact: The API endpoint used to manage event series is missing an access check, allowing unauthenticated/unauthorized access to this endpoint. The impact of this is limited to: getting the metadata (title, category chain, start/end date) for events in an existing series; deleting an existing eve...

CVSS 6.5 | AI score 6 | EPSS 0.00264 | Exploits 0 | References 4 | Affected Software 1

Source: Positive Technologies, added 2026/02/17 12:00 a.m., 2 views

PT-2026-20327

Name of the Vulnerable Software and Affected Versions: Indico versions prior to 3.3.10. Description: Indico, an event management system, is susceptible to server-side request forgery (SSRF). The system makes outgoing requests to URLs provided by users. While this functionality is intentional, it could...

CVSS 6.9 | AI score 5.5 | EPSS 0.00189 | Exploits 0 | References 10

Source: Positive Technologies, added 2026/02/17 12:00 a.m., 5 views

PT-2026-20328

Name of the Vulnerable Software and Affected Versions: Indico versions prior to 3.3.10. Description: Indico, an event management system, is susceptible to a cross-site scripting issue when specific file types are uploaded as materials. The issue exists due to a flaw in the handling of file uploads...

CVSS 5.4 | AI score 5 | EPSS 0.00161 | Exploits 0 | References 10

Source: Github Security Blog, added 2025/09/10 8:28 p.m., 5 views

Indico vulnerable to Cross-Site Scripting via LaTeX math code

Impact: There is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions. Patches: You should update to Indico 3.3.8 as soon as possible. See the docs for instructions on how to update. Workarounds: Only let trustworthy users create content on...

CVSS 5.4 | AI score 7.1 | EPSS 0.00189 | Exploits 0 | References 4 | Affected Software 1

Source: OSV, added 2025/09/10 8:28 p.m., 5 views

GHSA-7CF7-9WRR-VRF4 Indico vulnerable to Cross-Site Scripting via LaTeX math code

Impact: There is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions. Patches: You should update to Indico 3.3.8 as soon as possible. See the docs for instructions on how to update. Workarounds: Only let trustworthy users create content on...

CVSS 4.6 | AI score 7.2 | EPSS 0.00189 | Exploits 0 | References 4

Source: OSV, added 2025/07/14 7:24 p.m., 3 views

GHSA-Q28V-664F-Q6WJ Indico vulnerability allows attackers to bulk dump user details

Impact: An endpoint used to display details of users listed in certain fields (such as ACLs) could be misused to dump basic user details such as name, affiliation and email in bulk. Tip: If your instance allows everyone to create a user account, and you wish to truly restrict access to these user...

CVSS 5.3 | AI score 6 | EPSS 0.00565 | Exploits 2 | References 9