CERN Indico

11 CVEs affecting CERN Indico. Latest disclosed: 2026-03-23. Critical: 0, High: 2.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-33046 | High | 8.8 | 2026-03-23 | Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.12, due to vulnerabil… |
| CVE-2021-30185 | High | 7.5 | 2021-04-07 | CERN Indico before 2.3.4 can use an attacker-supplied Host header in a password reset link. |
| CVE-2026-28352 | Medium | 6.5 | 2026-02-27 | Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.11, the API endpoint… |
| CVE-2025-53640 | Medium | 6.5 | 2025-07-14 | Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Starting in version 2.2 and prior to version 3… |
| CVE-2026-25739 | Medium | 5.4 | 2026-02-19 | Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Versions prior to 3.3.10 are vulnerable to cro… |
| CVE-2023-37901 | Medium | 5.4 | 2023-07-21 | Indico is an open source, general-purpose, web-based event management tool. There is a Cross-Site-Scripting vulnerability in confirmation prompts commonly use… |
| CVE-2025-59035 | Medium | 4.6 | 2025-09-10 | Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, there is a Cross-Site-… |
| CVE-2026-25738 | Medium | 4.3 | 2026-02-19 | Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Versions prior to 3.3.10 are vulnerable to ser… |
| CVE-2025-59034 | Medium | 4.3 | 2025-09-10 | Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, a legacy API to retrie… |
| CVE-2024-45399 | Medium | 4.3 | 2024-09-04 | Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In Indico prior to version 3.3.4, correspondin… |
| CVE-2024-50633 | Unrated | | 2025-01-16 | A Broken Object Level Authorization (BOLA) vulnerability in Indico through 3.3.5 allows attackers to read information by sending a crafted POST request to the… |