Vendor CVEs
Ingenico
All CVEs
21 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-6415 | Low | 0.16 | 2.4 | 0.00 | Jun 30, 2024 | A vulnerability classified as problematic was found in Ingenico Estate Manager 2023. Affected by this vulnerability is an unknown functionality of the file /emgui/rest/preferences/PREF_HOME_PAGE/sponsor/3/ of the component New Widget Handler. The manipulation of the argument URL… | ||
| CVE-2026-33046 | 0.00 | — | 0.01 | Mar 23, 2026 | Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.12, due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use… | |||
| CVE-2026-28352 | 0.00 | — | 0.00 | Feb 27, 2026 | Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.11, the API endpoint used to manage event series is missing an access check, allowing unauthenticated/unauthorized access to this endpoint.… | |||
| CVE-2026-25739 | 0.00 | — | 0.00 | Feb 19, 2026 | Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Versions prior to 3.3.10 are vulnerable to cross-site scripting when uploading certain file types as materials. Users should upgrade to version 3.3.10 to receive a… | |||
| CVE-2026-25738 | 0.00 | — | 0.00 | Feb 19, 2026 | Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Versions prior to 3.3.10 are vulnerable to server-side request forgery. Indico makes outgoing requests to user-provides URLs in various places. This is mostly… | |||
| CVE-2025-59035 | 0.00 | — | 0.00 | Sep 10, 2025 | Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, there is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions. Users should to update… | |||
| CVE-2025-59034 | 0.00 | — | 0.00 | Sep 10, 2025 | Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, a legacy API to retrieve user details could be misused to retrieve profile details of other users without having admin permissions due to a… | |||
| CVE-2025-53640 | 0.00 | — | 0.01 | Jul 14, 2025 | Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Starting in version 2.2 and prior to version 3.3.7, an endpoint used to display details of users listed in certain fields (such as ACLs) could be misused to dump… | |||
| CVE-2024-45399 | 0.00 | — | 0.00 | Sep 4, 2024 | Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In Indico prior to version 3.3.4, corresponding to Flask-Multipass prior to version 0.5.5, there is a Cross-Site-Scripting vulnerability during account creation when… | |||
| CVE-2024-6059 | 0.00 | — | 0.00 | Jun 17, 2024 | A vulnerability, which was classified as problematic, has been found in Ingenico Estate Manager 2023. This issue affects some unknown processing of the file /emgui/rest/ums/messages of the component News Feed. The manipulation of the argument message leads to cross site… | |||
| CVE-2023-37901 | 0.00 | — | 0.00 | Jul 21, 2023 | Indico is an open source a general-purpose, web based event management tool. There is a Cross-Site-Scripting vulnerability in confirmation prompts commonly used when deleting content from Indico. Exploitation requires someone with at least submission privileges (such as a… | |||
| CVE-2018-17774 | 0.00 | — | 0.01 | Sep 9, 2020 | Ingenico Telium 2 POS terminals have an insecure NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. | |||
| CVE-2018-17773 | 0.00 | — | 0.01 | Sep 9, 2020 | Ingenico Telium 2 POS terminals have a buffer overflow via SOCKET_TASK in the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. | |||
| CVE-2018-17772 | 0.00 | — | 0.01 | Sep 9, 2020 | Ingenico Telium 2 POS terminals allow arbitrary code execution via the TRACE protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. | |||
| CVE-2018-17771 | 0.00 | — | 0.00 | Sep 9, 2020 | Ingenico Telium 2 POS terminals have hardcoded FTP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N. | |||
| CVE-2018-17770 | 0.00 | — | 0.01 | Sep 9, 2020 | Ingenico Telium 2 POS terminals have a buffer overflow via the RemotePutFile command of the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. | |||
| CVE-2018-17769 | 0.00 | — | 0.01 | Sep 9, 2020 | Ingenico Telium 2 POS terminals have a buffer overflow via the 0x26 command of the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. | |||
| CVE-2018-17768 | 0.00 | — | 0.01 | Sep 9, 2020 | Ingenico Telium 2 POS terminals have an insecure TRACE protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. | |||
| CVE-2018-17767 | 0.00 | — | 0.01 | Sep 9, 2020 | Ingenico Telium 2 POS terminals have hardcoded PPP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N. | |||
| CVE-2018-17766 | 0.00 | — | 0.01 | Sep 9, 2020 | Ingenico Telium 2 POS Telium2 OS allow bypass of file-reading restrictions via the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. | |||
| CVE-2018-17765 | 0.00 | — | 0.01 | Sep 9, 2020 | Ingenico Telium 2 POS terminals have undeclared TRACE protocol commands. This is fixed in Telium 2 SDK v9.32.03 patch N. |
- risk 0.16cvss 2.4epss 0.00
A vulnerability classified as problematic was found in Ingenico Estate Manager 2023. Affected by this vulnerability is an unknown functionality of the file /emgui/rest/preferences/PREF_HOME_PAGE/sponsor/3/ of the component New Widget Handler. The manipulation of the argument URL…
- CVE-2026-33046Mar 23, 2026risk 0.00cvss —epss 0.01
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.12, due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use…
- CVE-2026-28352Feb 27, 2026risk 0.00cvss —epss 0.00
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.11, the API endpoint used to manage event series is missing an access check, allowing unauthenticated/unauthorized access to this endpoint.…
- CVE-2026-25739Feb 19, 2026risk 0.00cvss —epss 0.00
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Versions prior to 3.3.10 are vulnerable to cross-site scripting when uploading certain file types as materials. Users should upgrade to version 3.3.10 to receive a…
- CVE-2026-25738Feb 19, 2026risk 0.00cvss —epss 0.00
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Versions prior to 3.3.10 are vulnerable to server-side request forgery. Indico makes outgoing requests to user-provides URLs in various places. This is mostly…
- CVE-2025-59035Sep 10, 2025risk 0.00cvss —epss 0.00
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, there is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions. Users should to update…
- CVE-2025-59034Sep 10, 2025risk 0.00cvss —epss 0.00
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, a legacy API to retrieve user details could be misused to retrieve profile details of other users without having admin permissions due to a…
- CVE-2025-53640Jul 14, 2025risk 0.00cvss —epss 0.01
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Starting in version 2.2 and prior to version 3.3.7, an endpoint used to display details of users listed in certain fields (such as ACLs) could be misused to dump…
- CVE-2024-45399Sep 4, 2024risk 0.00cvss —epss 0.00
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In Indico prior to version 3.3.4, corresponding to Flask-Multipass prior to version 0.5.5, there is a Cross-Site-Scripting vulnerability during account creation when…
- CVE-2024-6059Jun 17, 2024risk 0.00cvss —epss 0.00
A vulnerability, which was classified as problematic, has been found in Ingenico Estate Manager 2023. This issue affects some unknown processing of the file /emgui/rest/ums/messages of the component News Feed. The manipulation of the argument message leads to cross site…
- CVE-2023-37901Jul 21, 2023risk 0.00cvss —epss 0.00
Indico is an open source a general-purpose, web based event management tool. There is a Cross-Site-Scripting vulnerability in confirmation prompts commonly used when deleting content from Indico. Exploitation requires someone with at least submission privileges (such as a…
- CVE-2018-17774Sep 9, 2020risk 0.00cvss —epss 0.01
Ingenico Telium 2 POS terminals have an insecure NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N.
- CVE-2018-17773Sep 9, 2020risk 0.00cvss —epss 0.01
Ingenico Telium 2 POS terminals have a buffer overflow via SOCKET_TASK in the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N.
- CVE-2018-17772Sep 9, 2020risk 0.00cvss —epss 0.01
Ingenico Telium 2 POS terminals allow arbitrary code execution via the TRACE protocol. This is fixed in Telium 2 SDK v9.32.03 patch N.
- CVE-2018-17771Sep 9, 2020risk 0.00cvss —epss 0.00
Ingenico Telium 2 POS terminals have hardcoded FTP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N.
- CVE-2018-17770Sep 9, 2020risk 0.00cvss —epss 0.01
Ingenico Telium 2 POS terminals have a buffer overflow via the RemotePutFile command of the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N.
- CVE-2018-17769Sep 9, 2020risk 0.00cvss —epss 0.01
Ingenico Telium 2 POS terminals have a buffer overflow via the 0x26 command of the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N.
- CVE-2018-17768Sep 9, 2020risk 0.00cvss —epss 0.01
Ingenico Telium 2 POS terminals have an insecure TRACE protocol. This is fixed in Telium 2 SDK v9.32.03 patch N.
- CVE-2018-17767Sep 9, 2020risk 0.00cvss —epss 0.01
Ingenico Telium 2 POS terminals have hardcoded PPP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N.
- CVE-2018-17766Sep 9, 2020risk 0.00cvss —epss 0.01
Ingenico Telium 2 POS Telium2 OS allow bypass of file-reading restrictions via the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N.
- CVE-2018-17765Sep 9, 2020risk 0.00cvss —epss 0.01
Ingenico Telium 2 POS terminals have undeclared TRACE protocol commands. This is fixed in Telium 2 SDK v9.32.03 patch N.