Lucene search
K

64 matches found

OpenVAS
OpenVAS
added 2025/11/14 12:0 a.m.2 views

Mageia: Security Advisory (MGASA-2025-0286)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.8AI score0.00677EPSS
Exploits5References4
Circl
Circl
added 2025/08/16 4:5 a.m.7 views

CVE-2025-6221

creationtimestamp| type| source ---|---|--- 2025-08-16 04:05:10+00:00| seen| Telegram/jUBr-2Z07QlPsRlOpLba0gxgcCmPHGp7YgCZ06Htw9qw7s...

6.4CVSS4.8AI score0.00231EPSS
Exploits0
OpenVAS
OpenVAS
added 2025/07/04 12:0 a.m.4 views

Ubuntu: Security Advisory (USN-7612-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS5.9AI score0.00677EPSS
Exploits5References2
RedhatCVE
RedhatCVE
added 2025/05/22 3:35 p.m.5 views

CVE-2020-6221

Web Intelligence HTML interface in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

5.4CVSS5.9AI score0.00648EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2024-6221

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default. This behavior...

7.5CVSS6.5AI score0.00677EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/27 12:45 p.m.5 views

Security Bulletin: Vulnerability in Flask-Cors affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-6221]

Summary The Flask-Cors package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-6221. Vulnerability Details CVEID:CVE-2024-6221 DESCRIPTION: Flask-CORS could allow a remote attacker to obtain sensitive information, caused ...

7.5CVSS6.1AI score0.00677EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/11/12 10:9 a.m.37 views

Security Bulletin: IBM Maximo Application Suite, IBM Truststore Manager and IBM Asset Data Dictionary Component uses third party libraries which is vulnerable to multiple CVEs

Summary IBM Maximo Application Suite, IBM Truststore Manager and IBM Asset Data Dictionary Component uses FlaskCors-4.0.1-py2.py3-none-any.whl, requests-2.31.0-py3-none-any.whl, express-4.19.2.tgz, commons-compress-1.22.jar, commons-io-2.11.0.jar, urllib3-1.26.18-py2.py3-none-any.whl,...

8.1CVSS7.9AI score0.01249EPSS
Exploits2Affected Software1
OSV
OSV
added 2024/09/27 11:9 a.m.4 views

OESA-2024-2198 python-Flask-Cors security update

A Flask extension for handling Cross Origin Resource Sharing CORS, making cross-origin AJAX possible. Security Fixes: A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default, without any configuration option...

7.5CVSS6.8AI score0.00677EPSS
Exploits1References2
Circl
Circl
added 2024/08/18 9:37 p.m.6 views

CVE-2024-6221

creationtimestamp| type| source ---|---|--- 2024-08-18 21:37:39+00:00| seen| https://t.me/cvedetector/3474...

7.5CVSS6.8AI score0.00677EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2024/08/18 9:31 p.m.4 views

aberoth-ephemeris (>=1.0.0 <=1.0.2), abstra (>=1.8.8 <=2.5.1) +498 more potentially affected by CVE-2024-6221 via flask-cors (>=1.1.2 <=4.0.1)

flask-cors PYPI version =1.1.2, =1.0.0, =1.8.8, =1.1.4, =0.0.1, =0.0.1, =0.0.4, =0.0.13, =0.1.1, =0.0.1, =0.0.18, =1.0.2, =2.5.0, =2.5.0, =0.1.0b2696.post0.dev1, =0.1.8, =0.1.22 and more Source cves: CVE-2024-6221 Source advisory: OSV:GHSA-HXWH-JPP2-84PM...

7.5CVSS6.7AI score0.00677EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2024/08/18 7:15 p.m.3 views

aberoth-ephemeris (>=1.0.0 <=1.0.2), abstra (>=1.8.8 <=2.5.1) +498 more potentially affected by CVE-2024-6221 via flask-cors (>=1.1.2 <=4.0.1)

flask-cors PYPI version =1.1.2, =1.0.0, =1.8.8, =1.1.4, =0.0.1, =0.0.1, =0.0.4, =0.0.13, =0.1.1, =0.0.1, =0.0.18, =1.0.2, =2.5.0, =2.5.0, =0.1.0b2696.post0.dev1, =0.1.8, =0.1.22 and more Source cves: CVE-2024-6221 Source advisory: OSV:PYSEC-2024-260...

7.5CVSS6.7AI score0.00677EPSS
Exploits1
Chainguard
Chainguard
added 2024/08/18 7:15 p.m.14 views

CVE-2024-6221 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, kubeflow-volumes-web-app, py3-flask-cors...

7.5CVSS6.8AI score0.00677EPSS
Exploits1
Wolfi
Wolfi
added 2024/08/18 7:15 p.m.86 views

CVE-2024-6221 vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app, kubeflow-jupyter-web-app, py3-flask-cors...

7.5CVSS6.8AI score0.00677EPSS
Exploits1
Cvelist
Cvelist
added 2024/08/18 6:58 p.m.41 views

CVE-2024-6221 Improper Access Control in corydolphin/flask-cors

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches,...

6.5CVSS0.00677EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2024/08/18 6:58 p.m.23 views

CVE-2024-6221

A vulnerability in corydolphin/flask-cors version 4.0.1 allows the Access-Control-Allow-Private-Network CORS header to be set to true by default. This behavior can expose private network resources to unauthorized external access, leading to significant security risks such as data breaches,...

7.5CVSS6.7AI score0.00677EPSS
Exploits1
Circl
Circl
added 2024/02/02 12:26 a.m.5 views

CVE-2023-6221

creationtimestamp| type| source ---|---|--- 2024-02-02 00:26:27+00:00| seen| https://t.me/ctinow/177841 2024-02-18 16:11:42+00:00| seen| https://t.me/ctinow/187288...

7.7CVSS6.3AI score0.00582EPSS
Exploits0References2
ICS
ICS
added 2024/01/25 7:0 a.m.71 views

MachineSense FeverWarn

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION : Exploitable remotely/low attack complexity Vendor : MachineSense LLC. Equipment : MachineSense FeverWarn Vulnerabilities: Missing Authentication for Critical Function, Use of Hard-coded Credentials, Improper Access Control, OS Command...

10CVSS9.2AI score0.00798EPSS
Exploits0References12
OSV
OSV
added 2023/07/12 6:15 p.m.5 views

CVE-2023-3643

A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been classified as critical. This affects an unknown part of the file boss/servlet/document. The manipulation of the argument path leads to file inclusion. It is possible to initiate the attack remotely. The exploit has been disclose...

9.8CVSS5.5AI score0.75206EPSS
Exploits6References3
Prion
Prion
added 2023/07/12 6:15 p.m.19 views

Design/Logic Flaw

A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been classified as critical. This affects an unknown part of the file boss/servlet/document. The manipulation of the argument path leads to file inclusion. It is possible to initiate the attack remotely. The exploit has been disclose...

7.5CVSS9.5AI score0.75206EPSS
Exploits6References3Affected Software1
CVE
CVE
added 2023/07/12 5:31 p.m.67 views

CVE-2023-3643

CVE-2023-3643 affects CAREL Boss Mini 1.4.0 (Build 6221). Multiple sources confirm a path traversal leading to local file inclusion in boss/servlet/document, exploitable over network with no user interaction. Proofs of concept and exploit records exist (PacketStorm, Exploit-DB) indicating remote ...

9.8CVSS8.5AI score0.75206EPSS
Exploits6References3Affected Software1
Rows per page
Query Builder