Lucene search
K

12 matches found

OpenVAS
OpenVAS
added 2025/11/14 12:0 a.m.2 views

Mageia: Security Advisory (MGASA-2025-0286)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.8AI score0.00677EPSS
Exploits5References4
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2024-6866

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case- insensitive due to the use of the trymatch function, which...

7.5CVSS7.3AI score0.00642EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/01 10:38 a.m.11 views

Security Bulletin: IBM Maximo Application Suite uses flask_cors-5.0.1-py3-none-any.whl which is vulnerable to CVE-2024-6866, CVE-2024-6839, CVE-2024-6.

Summary IBM Maximo Application Suite uses flaskcors-5.0.1-py3-none-any.whl which is vulnerable toCVE-2024-6866, CVE-2024-6839, CVE-2024-6.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-6866 DESCRIPTION: corydolphin/flask-cors...

7.5CVSS7AI score0.00652EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/01 10:29 a.m.6 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses flask_cors-5.0.1-py3-none-any.whl which is vulnerable to this CVE-2024-6839, CVE-2024-6866 and CVE-2024-6844

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses flaskcors-5.0.1-py3-none-any.whl which is vulnerable to this CVE-2024-6839, CVE-2024-6866 and CVE-2024-6844 Vulnerability Details CVEID:CVE-2024-6866 DESCRIPTION: corydolphin/flask-cors version 4.01 contain...

7.5CVSS6.8AI score0.00652EPSS
Exploits3Affected Software1
Circl
Circl
added 2025/05/23 10:39 p.m.32 views

CVE-2024-6866

creationtimestamp| type| source ---|---|--- 2025-05-23 22:39:43+00:00| seen| https://gist.github.com/EbonJaeger/4959b52b5b6898ca4e109d36bb8b6d36...

7.5CVSS5.2AI score0.00642EPSS
Exploits1References1
Chainguard
Chainguard
added 2025/05/22 1:15 a.m.23 views

CVE-2024-6866 vulnerabilities

Vulnerabilities for packages: superset, kubeflow-volumes-web-app, kubeflow-jupyter-web-app...

7.5CVSS6.5AI score0.00642EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2025/03/20 12:32 p.m.4 views

aact-openhands (>=0.0.4 <=0.0.5), aberoth-ephemeris (>=1.0.0 <=1.0.2) +580 more potentially affected by CVE-2024-6866 via flask-cors (>=1.1.2 <=5.0.1)

flask-cors PYPI version =1.1.2, =0.0.4, =1.0.0, =1.8.8, =1.1.4, =0.0.1, =0.0.1, =0.0.4, =0.0.13, =0.1.0, =0.1.1, =0.1.0, =1.1.0, =0.0.1, =0.0.18, =1.0.2, =1.3.0 and more Source cves: CVE-2024-6866 Source advisory: OSV:GHSA-43QF-4RQW-9Q2G...

7.5CVSS6.3AI score0.00642EPSS
Exploits1
NVD
NVD
added 2025/03/20 10:15 a.m.6 views

CVE-2024-6866

corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the trymatch function, which is originally intended for matching hosts. This results in a mismatch because paths in URLs are case-sensitive, but the regex matching...

7.5CVSS0.00642EPSS
Exploits1References2
OSV
OSV
added 2025/03/20 10:10 a.m.9 views

CVE-2024-6866 Case-Insensitive Path Matching in corydolphin/flask-cors

corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the trymatch function, which is originally intended for matching hosts. This results in a mismatch because paths in URLs are case-sensitive, but the regex matching...

5.3CVSS6.5AI score0.00642EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.6 views

CVE-2024-6866 Case-Insensitive Path Matching in corydolphin/flask-cors

corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the trymatch function, which is originally intended for matching hosts. This results in a mismatch because paths in URLs are case-sensitive, but the regex matching...

5.3CVSS5.3AI score0.00642EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:10 a.m.207 views

CVE-2024-6866

CVE-2024-6866 concerns corydolphin/flask-cors. The issue arises from using the host-oriented try_match for path matching, making path comparisons effectively case-insensitive while URLs are case-sensitive. This can allow unauthorized origins to access restricted paths and potentially expose data....

7.5CVSS5.3AI score0.00642EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.15 views

CVE-2024-6866 Case-Insensitive Path Matching in corydolphin/flask-cors

corydolphin/flask-cors version 4.01 contains a vulnerability where the request path matching is case-insensitive due to the use of the trymatch function, which is originally intended for matching hosts. This results in a mismatch because paths in URLs are case-sensitive, but the regex matching...

5.3CVSS0.00642EPSS
Exploits1References1
Rows per page
Query Builder