Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
flask vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2022-31570
The adriankoczuruek/ceneo-web-scrapper repository through 2021-03-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Ceneo-web-scrapper Project Ceneo-web-scrapper
668
VMScore
CVE-2021-40903
A vulnerability in Antminer Monitor 0.50.0 exists because of backdoor or misconfiguration inside a settings file in flask server. Settings file has a predefined secret string, which would be randomly generated, however it is static.
Antminer Monitor Project Antminer Monitor 0.50.0
1 Github repository
668
VMScore
CVE-2020-18701
Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote malicious users to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets.
Talelin Lin-cms-flask 0.1.1
668
VMScore
CVE-2021-33026
The Flask-Caching extension up to and including 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct ...
Flask-caching Project Flask-caching
1 Github repository
605
VMScore
CVE-2008-3687
Heap-based buffer overflow in the flask_security_label function in Xen 3.3, when compiled with the XSM:FLASK module, allows unprivileged domain users (domU) to execute arbitrary code via the flask_op hypercall.
Xen Xen 3.3
Xen Xen Flask Module
578
VMScore
CVE-2022-25510
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows malicious users to create crafted cookies to bypass authentication or escalate privileges.
Freetakserver-ui Project Freetakserver-ui 1.9.8
578
VMScore
CVE-2021-41265
Flask-AppBuilder is a development framework built on top of Flask. Verions before 3.3.4 contain an improper authentication vulnerability in the REST API. The issue allows for a malicious actor with a carefully crafted request to successfully authenticate and gain access to existi...
Flask-appbuilder Project Flask-appbuilder
570
VMScore
CVE-2022-31501
The ChaoticOnyx/OnyxForum repository prior to 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Onyxforum Project Onyxforum
570
VMScore
CVE-2022-31502
The operatorequals/wormnest repository up to and including 0.4.7 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Wormnest Project Wormnest
570
VMScore
CVE-2022-31518
The JustAnotherSoftwareDeveloper/Python-Recipe-Database repository through 2021-03-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Python-recipe-database Project Python-recipe-database
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »