All 8 CVE vulnerabilities found in flagForge, with AI-generated Chinese analysis, references, and POCs.
Vendor: FlagForgeCTF
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-21868 | Flag Forge has ReDoS Vulnerability in User Profile Lookup API | CWE-1333 | 7.5 | High | 2026-01-08 |
| CVE-2025-61777 | FlagForge Allows Unauthenticated Badge Template API Access | CWE-200 | 9.4 | Critical | 2025-10-06 |
| CVE-2025-59932 | FlagForgeCTF Unauthenticated Resource Modification/Deletion | CWE-284 | 8.6 | High | 2025-09-27 |
| CVE-2025-59843 | FlagForgeCTF Exposes User Emails via Public /api/user/[username] API | CWE-359 | 5.3 | - | 2025-09-26 |
| CVE-2025-59841 | FlagForgeCTF's Improper Session Handling Allows Access After Logout | CWE-384 | 9.8 | Critical | 2025-09-25 |
| CVE-2025-59833 | FlagForgeCTF Hint Exposure via API | CWE-200 | 7.5 | High | 2025-09-24 |
| CVE-2025-59827 | FlagForgeCTF is Missing Authorization in main-v2 | CWE-862 | 8.8 (AI) | High (AI) | 2025-09-24 |
| CVE-2025-59826 | FlagForgeCTF Vulnerable to Unauthorized Problem Creation | CWE-862 | 7.6 | High | 2025-09-23 |