Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
flask vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2022-24776
Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Flask-AppBuilder contains an open redirect vulnerability when using database authentication login page on versions below 3.4.5. This issue is fixed in version 3.4.5. There are curre...
Flask-appbuilder Project Flask-appbuilder
6.4
CVSSv2
CVE-2022-31512
The Atom02/flask-mvc repository through 2020-09-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Flask-mvc Project Flask-mvc
6.4
CVSSv2
CVE-2022-31559
The tsileo/flask-yeoman repository through 2013-09-13 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Flask-yeoman Project Flask-yeoman
7.5
CVSSv2
CVE-2021-33026
The Flask-Caching extension up to and including 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct ...
Flask-caching Project Flask-caching
1 Github repository
5
CVSSv2
CVE-2022-21659
Flask-AppBuilder is an application development framework, built on top of the Flask web framework. In affected versions there exists a user enumeration vulnerability. This vulnerability allows for a non authenticated user to enumerate existing accounts by timing the response time...
Flask-appbuilder Project Flask-appbuilder
4.3
CVSSv2
CVE-2018-16516
helpers.py in Flask-Admin 1.5.2 has Reflected XSS via a crafted URL.
Flask-admin Project Flask-admin 1.5.2
5
CVSSv2
CVE-2022-24880
flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. In versions before 1.2.1, he `captcha.validate()` function would return `None` if passed no value (e.g. by submitting an having an empty form). ...
Flask-session-captcha Project Flask-session-captcha
NA
CVE-2023-49438
An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows malicious users to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes.
Flask-security-too Project Flask-security-too
1 Github repository
6.4
CVSSv2
CVE-2022-31527
The Wildog/flask-file-server repository through 2020-02-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Flask-file-server Project Flask-file-server
6.4
CVSSv2
CVE-2022-31549
The olmax99/helm-flask-celery repository prior to 2022-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Helm-flask-celery Project Helm-flask-celery
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »