Vulnerability List
Found 33 results
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2026-34531 | Flask-HTTPAuth invokes token verification callback when missing or empty token was given by client | miguelgrinberg | Flask-HTTPAuth | Medium | 6.5 | 2026-04-01 20:44:11 |
| CVE-2026-27641 | Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection | jugmac00 | flask-reuploaded | Critical | 9.8 | 2026-02-25 03:54:54 |
| CVE-2026-27205 | Flask session does not add `Vary: Cookie` header when accessed in some ways | pallets | flask | - | - | 2026-02-21 05:21:17 |
| CVE-2025-58065 | Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods | dpgaspar | Flask-AppBuilder | Medium | 6.5 | 2025-09-11 17:55:49 |
| CVE-2025-6776 | xiaoyunjie openvpn-cms-flask File Upload controller.py upload path traversal | xiaoyunjie | openvpn-cms-flask | High | 7.3 | 2025-06-27 20:00:22 |
| CVE-2025-6775 | xiaoyunjie openvpn-cms-flask User Creation Endpoint openvpn.py create_user command injection | xiaoyunjie | openvpn-cms-flask | Medium | 6.3 | 2025-06-27 20:00:21 |
| CVE-2025-32962 | Flask-AppBuilder open redirect vulnerability using HTTP host injection | dpgaspar | Flask-AppBuilder | Medium | 4.3 | 2025-05-16 13:51:56 |
| CVE-2025-47278 | Flask uses fallback key instead of current signing key | pallets | flask | - | - | 2025-05-13 15:57:40 |
| CVE-2024-6866 | Case-Insensitive Path Matching in corydolphin/flask-cors | corydolphin | corydolphin/flask-cors | Medium | - | 2025-03-20 10:11:00 |
| CVE-2024-6844 | Inconsistent CORS Matching Due to Handling of '+' in URL Path in corydolphin/flask-cors | corydolphin | corydolphin/flask-cors | Medium | - | 2025-03-20 10:10:52 |
| CVE-2024-6839 | Improper Regex Path Matching in corydolphin/flask-cors | corydolphin | corydolphin/flask-cors | Medium | - | 2025-03-20 10:09:43 |
| CVE-2025-24023 | Observable Response Discrepancy in flask-appbuilder | dpgaspar | Flask-AppBuilder | Low | 3.7 | 2025-03-03 15:25:55 |
| CVE-2024-45314 | Flask-AppBuilder login form allows browser to cache sensitive fields | dpgaspar | Flask-AppBuilder | Low | 3.6 | 2024-09-04 16:08:41 |
| CVE-2024-6221 | Improper Access Control in corydolphin/flask-cors | corydolphin | corydolphin/flask-cors | - | - | 2024-08-18 18:58:21 |
| CVE-2024-1681 | Log Injection Vulnerability in corydolphin/flask-cors | corydolphin | corydolphin/flask-cors | Medium | - | 2024-04-19 19:37:28 |
| CVE-2024-27083 | Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS) | dpgaspar | Flask-AppBuilder | Medium | 4.3 | 2024-02-28 15:34:02 |
| CVE-2024-25128 | Flask-AppBuilder incorrect authentication when using auth type OpenID | dpgaspar | Flask-AppBuilder | Critical | 9.1 | 2024-02-28 15:30:28 |
| CVE-2023-34110 | Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error | dpgaspar | Flask-AppBuilder | Low | 2.7 | 2023-06-22 22:34:40 |
| CVE-2023-30861 | Flask vulnerable to possible disclosure of permanent session cookie due to missing Vary: Cookie header | pallets | flask | High | 7.5 | 2023-05-02 17:04:22 |
| CVE-2023-29005 | No Rate Limiting on Login AUTH DB | dpgaspar | Flask-AppBuilder | High | 7.5 | 2023-04-10 20:47:18 |