Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
flask vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-18701
Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote malicious users to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets.
Talelin Lin-cms-flask 0.1.1
NA
CVE-2008-3687
Heap-based buffer overflow in the flask_security_label function in Xen 3.3, when compiled with the XSM:FLASK module, allows unprivileged domain users (domU) to execute arbitrary code via the flask_op hypercall.
Xen Xen 3.3
Xen Xen Flask Module
7.5
CVSSv3
CVE-2018-1000656
The Pallets Project flask version prior to 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in inc...
Palletsprojects Flask
Netapp Ontap Select Deploy Utility
Netapp Hyper Converged Infrastructure
Netapp Active Iq
12 Github repositories
NA
CVE-2024-27083
Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting (XSS) vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject...
NA
CVE-2024-25128
Flask-AppBuilder is an application development framework, built on top of Flask. When Flask-AppBuilder is set to AUTH_TYPE AUTH_OID, it allows an malicious user to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability co...
NA
CVE-2024-1681
corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows malicious users...
9.3
CVSSv3
CVE-2022-31531
The dainst/cilantro repository up to and including 0.0.4 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Dainst Cilantro
9.3
CVSSv3
CVE-2022-31539
The kotekan/kotekan repository up to and including 2021.11 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Kotekan Project Kotekan
9.3
CVSSv3
CVE-2022-31544
The meerstein/rbtm repository up to and including 1.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Xtomo Robo-tom
9.3
CVSSv3
CVE-2022-31567
The DSABenchmark/DSAB repository up to and including 2.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Data Stream Algorithm Benchmark Project Data Stream Algorithm Benchmark
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »