VYPR
Vendor

Ingenico

Products
3
CVEs
21
Across products
21
Status
Private

Products

3

Recent CVEs

21
View all 21 CVEs →
  • CVE-2024-6415LowJun 30, 2024
    risk 0.16cvss 2.4epss 0.00

    A vulnerability classified as problematic was found in Ingenico Estate Manager 2023. Affected by this vulnerability is an unknown functionality of the file /emgui/rest/preferences/PREF_HOME_PAGE/sponsor/3/ of the component New Widget Handler. The manipulation of the argument URL…

  • CVE-2026-33046Mar 23, 2026
    risk 0.00cvss epss 0.01

    Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.12, due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use…

  • CVE-2026-28352Feb 27, 2026
    risk 0.00cvss epss 0.00

    Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.11, the API endpoint used to manage event series is missing an access check, allowing unauthenticated/unauthorized access to this endpoint.…

  • CVE-2026-25739Feb 19, 2026
    risk 0.00cvss epss 0.00

    Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Versions prior to 3.3.10 are vulnerable to cross-site scripting when uploading certain file types as materials. Users should upgrade to version 3.3.10 to receive a…

  • CVE-2026-25738Feb 19, 2026
    risk 0.00cvss epss 0.00

    Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Versions prior to 3.3.10 are vulnerable to server-side request forgery. Indico makes outgoing requests to user-provides URLs in various places. This is mostly…

  • CVE-2025-59035Sep 10, 2025
    risk 0.00cvss epss 0.00

    Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, there is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions. Users should to update…

  • CVE-2025-59034Sep 10, 2025
    risk 0.00cvss epss 0.00

    Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, a legacy API to retrieve user details could be misused to retrieve profile details of other users without having admin permissions due to a…

  • CVE-2025-53640Jul 14, 2025
    risk 0.00cvss epss 0.01

    Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Starting in version 2.2 and prior to version 3.3.7, an endpoint used to display details of users listed in certain fields (such as ACLs) could be misused to dump…

  • CVE-2024-45399Sep 4, 2024
    risk 0.00cvss epss 0.00

    Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In Indico prior to version 3.3.4, corresponding to Flask-Multipass prior to version 0.5.5, there is a Cross-Site-Scripting vulnerability during account creation when…

  • CVE-2024-6059Jun 17, 2024
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as problematic, has been found in Ingenico Estate Manager 2023. This issue affects some unknown processing of the file /emgui/rest/ums/messages of the component News Feed. The manipulation of the argument message leads to cross site…

  • CVE-2023-37901Jul 21, 2023
    risk 0.00cvss epss 0.00

    Indico is an open source a general-purpose, web based event management tool. There is a Cross-Site-Scripting vulnerability in confirmation prompts commonly used when deleting content from Indico. Exploitation requires someone with at least submission privileges (such as a…

  • CVE-2018-17774Sep 9, 2020
    risk 0.00cvss epss 0.01

    Ingenico Telium 2 POS terminals have an insecure NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N.

  • CVE-2018-17773Sep 9, 2020
    risk 0.00cvss epss 0.01

    Ingenico Telium 2 POS terminals have a buffer overflow via SOCKET_TASK in the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N.

  • CVE-2018-17772Sep 9, 2020
    risk 0.00cvss epss 0.01

    Ingenico Telium 2 POS terminals allow arbitrary code execution via the TRACE protocol. This is fixed in Telium 2 SDK v9.32.03 patch N.

  • CVE-2018-17771Sep 9, 2020
    risk 0.00cvss epss 0.00

    Ingenico Telium 2 POS terminals have hardcoded FTP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N.

  • CVE-2018-17770Sep 9, 2020
    risk 0.00cvss epss 0.01

    Ingenico Telium 2 POS terminals have a buffer overflow via the RemotePutFile command of the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N.

  • CVE-2018-17769Sep 9, 2020
    risk 0.00cvss epss 0.01

    Ingenico Telium 2 POS terminals have a buffer overflow via the 0x26 command of the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N.

  • CVE-2018-17768Sep 9, 2020
    risk 0.00cvss epss 0.01

    Ingenico Telium 2 POS terminals have an insecure TRACE protocol. This is fixed in Telium 2 SDK v9.32.03 patch N.

  • CVE-2018-17767Sep 9, 2020
    risk 0.00cvss epss 0.01

    Ingenico Telium 2 POS terminals have hardcoded PPP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N.

  • CVE-2018-17766Sep 9, 2020
    risk 0.00cvss epss 0.01

    Ingenico Telium 2 POS Telium2 OS allow bypass of file-reading restrictions via the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N.