Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/03/02 1:51 a.m.10 views

CVE-2026-28352

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.11, the API endpoint used to manage event series is missing an access check, allowing unauthenticated/unauthorized access to this endpoint. The impact of this ...

6.5CVSS5.9AI score0.00264EPSS
Exploits0References1
OSV
OSV
added 2026/03/01 1:24 a.m.4 views

GHSA-RFPP-2HGM-GP5V Indico has a missing access check in the event series management API

Impact The API endpoint used to manage event series is missing an access check, allowing unauthenticated/unauthorized access to this endpoint. The impact of this is limited to: - Getting the metadata title, category chain, start/end date for events in an existing series - Deleting an existing eve...

6.5CVSS6AI score0.00264EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/27 9:1 p.m.4 views

CVE-2026-28352

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.11, the API endpoint used to manage event series is missing an access check, allowing unauthenticated/unauthorized access to this endpoint. The impact of this ...

6.5CVSS5.9AI score0.00264EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/02/27 9:1 p.m.13 views

CVE-2026-28352

CVE-2026-28352 affects Indico (event management system) prior to 3.3.11. The vulnerability is an missing access check in the API endpoint that manages event series, enabling unauthenticated/unauthorized access to metadata (title, category chain, start/end date) for events in an existing series, a...

6.5CVSS5.9AI score0.00264EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/02/18 5:20 p.m.14 views

CVE-2021-21318 Removing access may not effect published series

Opencast is a free, open-source platform to support the management of educational audio and video content. In Opencast before version 9.2 there is a vulnerability in which publishing an episode with strict access rules will overwrite the currently set series access. This allows for an easy denial...

5.4CVSS5.7AI score0.00707EPSS
Exploits0References2
Rows per page
Query Builder