Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/02/20 7:40 p.m.7 views

CVE-2026-25739

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Versions prior to 3.3.10 are vulnerable to cross-site scripting when uploading certain file types as materials. Users should upgrade to version 3.3.10 to receive a patch. To apply the...

5.4CVSS5.2AI score0.00161EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/19 3:30 p.m.4 views

CVE-2026-25738 Indico has Server-Side Request Forgery (SSRF) in multiple places

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Versions prior to 3.3.10 are vulnerable to server-side request forgery. Indico makes outgoing requests to user-provides URLs in various places. This is mostly intentional and part of...

6.9CVSS5.6AI score0.00189EPSS
Exploits0References3
Snyk
Snyk
added 2026/02/17 6:53 p.m.2 views

Server-side Request Forgery (SSRF)

Overview indico is a conference lifecycle management and meeting/lecture scheduling tool. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in isprivateurl in util/network.py. A user can access internal network resources or sensitive endpoints by supplying...

6.9CVSS5.5AI score0.00189EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/02/17 6:53 p.m.6 views

Indico has Server-Side Request Forgery (SSRF) in multiple places

Impact Indico makes outgoing requests to user-provides URLs in various places. This is mostly intentional and part of Indico's functionality, but of course it is never intended to let you access "special" targets such as localhost or cloud metadata endpoints. Patches You should to update to Indic...

6.9CVSS5.7AI score0.00189EPSS
Exploits0References5Affected Software1
OpenVAS
OpenVAS
added 2025/11/03 12:0 a.m.4 views

Fedora: Security Advisory (FEDORA-2025-b10099f608)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS6.8AI score0.00231EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/01 12:0 a.m.4 views

Fedora 41 : ruby (2025-b10099f608)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b10099f608 advisory. Upgrade to Ruby 3.3.10. CVE-2025-58767 ruby: REXML denial of service rhbz2396203 Tenable has extracted the preceding description block directly from...

5.3CVSS7AI score0.00231EPSS
Exploits0References2
Rows per page
Query Builder