flask vulnerabilities and exploits
7.5
CVSSv2
CVE-2020-18701
Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote malicious users to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets.
Talelin Lin-cms-flask 0.1.1
6.8
CVSSv2
CVE-2008-3687
Heap-based buffer overflow in the flask_security_label function in Xen 3.3, when compiled with the XSM:FLASK module, allows unprivileged domain users (domU) to execute arbitrary code via the flask_op hypercall.
Xen Xen 3.3
Xen Xen Flask Module
5
CVSSv2
CVE-2018-1000656
The Pallets Project flask version prior to 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in a large amount of memory usage, possibly leading to denial of service. This attack appears to be exploitable via Attacker provides JSON data in inc...
Palletsprojects Flask
Netapp Ontap Select Deploy Utility
Netapp Hyper Converged Infrastructure
Netapp Active Iq
12 Github repositories
NA
CVE-2024-27083
Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting (XSS) vulnerability has been discovered on the OAuth login page. An attacker could trick a user into following a specially crafted URL to the OAuth login page. This URL could inject...
NA
CVE-2024-25128
Flask-AppBuilder is an application development framework, built on top of Flask. When Flask-AppBuilder is set to AUTH_TYPE AUTH_OID, it allows a malicious user to forge an HTTP request that could deceive the backend into using any requested OpenID service. This vulnerability co...
NA
CVE-2024-1681
corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows malicious users...
6.4
CVSSv2
CVE-2022-31502
The operatorequals/wormnest repository up to and including 0.4.7 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Wormnest Project Wormnest
6.4
CVSSv2
CVE-2022-31503
The orchest/orchest repository prior to 2022.05.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Orchest Orchest
6.4
CVSSv2
CVE-2022-31506
The cmusatyalab/opendiamond repository up to and including 10.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Cmu Opendiamond
6.4
CVSSv2
CVE-2022-31515
The Delor4/CarceresBE repository up to and including 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
Carceresbe Project Carceresbe 1.0