Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
flask vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2022-31521
The Niyaz-Mohamed/mosaic repository up to and including 1.0.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Mosaic Project Mosaic 1.0.0
6.4
CVSSv2
CVE-2022-31530
The csm-aut/csm repository up to and including 3.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Csm Server Project Csm Server
6.4
CVSSv2
CVE-2022-31558
The tooxie/shiva-server repository up to and including 0.10.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Shiva-server Project Shiva-server
6.4
CVSSv2
CVE-2022-31573
The chainer/chainerrl-visualizer repository up to and including 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Chainer Chainerrl-visualizer
6.4
CVSSv2
CVE-2022-31524
The PureStorage-OpenConnect/swagger repository up to and including 1.1.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Purestorage Pure Swagger
6.4
CVSSv2
CVE-2022-31501
The ChaoticOnyx/OnyxForum repository prior to 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Onyxforum Project Onyxforum
6.4
CVSSv2
CVE-2022-31504
The ChangeWeDer/BaiduWenkuSpider_flaskWeb repository prior to 2021-11-29 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Baiduwenkuspider Flaskweb Project Baiduwenkuspider Flaskweb
6.4
CVSSv2
CVE-2022-31505
The cheo0/MercadoEnLineaBack repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Mercadoenlineaback Project Mercadoenlineaback
6.4
CVSSv2
CVE-2022-31508
The idayrus/evoting repository prior to 2022-05-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Idayrus E-voting
6.4
CVSSv2
CVE-2022-31509
The iedadata/usap-dc-website repository up to and including 1.0.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Iedadata Usap-dc Web Submission And Dataset Search
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »