Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
flask vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2022-31570
The adriankoczuruek/ceneo-web-scrapper repository through 2021-03-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Ceneo-web-scrapper Project Ceneo-web-scrapper
7.5
CVSSv2
CVE-2021-40903
A vulnerability in Antminer Monitor 0.50.0 exists because of backdoor or misconfiguration inside a settings file in flask server. Settings file has a predefined secret string, which would be randomly generated, however it is static.
Antminer Monitor Project Antminer Monitor 0.50.0
1 Github repository
7.5
CVSSv2
CVE-2020-18701
Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote malicious users to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets.
Talelin Lin-cms-flask 0.1.1
7.5
CVSSv2
CVE-2021-33026
The Flask-Caching extension up to and including 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct ...
Flask-caching Project Flask-caching
1 Github repository
6.8
CVSSv2
CVE-2008-3687
Heap-based buffer overflow in the flask_security_label function in Xen 3.3, when compiled with the XSM:FLASK module, allows unprivileged domain users (domU) to execute arbitrary code via the flask_op hypercall.
Xen Xen 3.3
Xen Xen Flask Module
6.5
CVSSv2
CVE-2022-25510
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows malicious users to create crafted cookies to bypass authentication or escalate privileges.
Freetakserver-ui Project Freetakserver-ui 1.9.8
6.5
CVSSv2
CVE-2021-41265
Flask-AppBuilder is a development framework built on top of Flask. Verions before 3.3.4 contain an improper authentication vulnerability in the REST API. The issue allows for a malicious actor with a carefully crafted request to successfully authenticate and gain access to existi...
Flask-appbuilder Project Flask-appbuilder
6.4
CVSSv2
CVE-2022-31513
The BolunHan/Krypton repository through 2021-06-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Krypton Project Krypton
6.4
CVSSv2
CVE-2022-31552
The project-anuvaad/anuvaad-corpus repository through 2020-11-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Anuvaad-corpus Project Anuvaad-corpus
6.4
CVSSv2
CVE-2022-31501
The ChaoticOnyx/OnyxForum repository prior to 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Onyxforum Project Onyxforum
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »