61 matches found

RedhatCVE
added 2026/01/09 8:38 a.m. | 1 view

CVE-2026-21868

Flag Forge is a Capture The Flag CTF platform. Versions 2.3.2 and below have a Regular Expression Denial of Service ReDoS vulnerability in the user profile API endpoint /api/user/username. The application constructs a regular expression dynamically using unescaped user input the username paramete...

CVSS 7.5 | AI score 6.8 | EPSS 0.00268
Exploits: 0 | References: 1
NVD
added 2026/01/08 1:15 a.m. | 8 views

CVE-2026-21868

Flag Forge is a Capture The Flag CTF platform. Versions 2.3.2 and below have a Regular Expression Denial of Service ReDoS vulnerability in the user profile API endpoint /api/user/username. The application constructs a regular expression dynamically using unescaped user input the username paramete...

CVSS 7.5 | EPSS 0.00268
Exploits: 0 | References: 1
EUVD
added 2026/01/08 12:26 a.m. | 2 views

EUVD-2026-1664

Flag Forge is a Capture The Flag CTF platform. Versions 2.3.2 and below have a Regular Expression Denial of Service ReDoS vulnerability in the user profile API endpoint /api/user/username. The application constructs a regular expression dynamically using unescaped user input the username paramete...

CVSS 7.5 | AI score 6.3 | EPSS 0.00268
Exploits: 0 | References: 1
CVE
added 2026/01/08 12:26 a.m. | 12 views

CVE-2026-21868

CVE-2026-21868 affects Flag Forge, specifically versions 2.3.2 and earlier. The vulnerability is a Regular Expression Denial of Service (ReDoS) in the user profile API endpoint /api/user/[username], where the application builds a regex dynamically from the unescaped username input. An attacker ca...

CVSS 7.5 | AI score 6.4 | EPSS 0.00268
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2026/01/08 12:26 a.m. | 3 views

CVE-2026-21868 Flag Forge has ReDoS Vulnerability in User Profile Lookup API

Flag Forge is a Capture The Flag CTF platform. Versions 2.3.2 and below have a Regular Expression Denial of Service ReDoS vulnerability in the user profile API endpoint /api/user/username. The application constructs a regular expression dynamically using unescaped user input the username paramete...

CVSS 7.5 | AI score 6.7 | EPSS 0.00268
Exploits: 0 | References: 3
Vulnrichment
added 2026/01/08 12:26 a.m. | 3 views

CVE-2026-21868 Flag Forge has ReDoS Vulnerability in User Profile Lookup API

Flag Forge is a Capture The Flag CTF platform. Versions 2.3.2 and below have a Regular Expression Denial of Service ReDoS vulnerability in the user profile API endpoint /api/user/username. The application constructs a regular expression dynamically using unescaped user input the username paramete...

CVSS 7.5 | AI score 6.4 | EPSS 0.00268
Exploits: 0 | References: 1
CNNVD
added 2026/01/08 12:00 a.m. | 4 views

Flag Forge security vulnerability

Flag Forge is an easy-to-use CTF platform open-sourced by FlagForge. A security vulnerability exists in Flag Forge 2.3.2 and earlier versions that stems from a regular expression denial of service issue in the user profile API endpoint...

CVSS 7.5 | AI score 6.5 | EPSS 0.00268
Exploits: 0 | References: 1
Positive Technologies
added 2026/01/08 12:00 a.m. | 6 views

PT-2026-2108

Name of the Vulnerable Software and Affected Versions: Flag Forge versions 2.3.2 and below. Description: Flag Forge is a Capture The Flag CTF platform susceptible to a Regular Expression Denial of Service ReDoS condition. The issue resides in the user profile API endpoint, /api/user/username. The...

CVSS 7.5 | AI score 6.5 | EPSS 0.00268
Exploits: 0 | References: 7
RedhatCVE
added 2025/10/07 5:35 p.m. | 2 views

CVE-2025-61777

Flag Forge is a Capture The Flag CTF platform. Starting in version 2.0.0 and prior to version 2.3.2, the /api/admin/badge-templates GET and /api/admin/badge-templates/create POST endpoints previously allowed access without authentication or authorization. This could have enabled unauthorized user...

CVSS 9.4 | AI score 6.9 | EPSS 0.00434
Exploits: 0 | References: 1
NVD
added 2025/10/06 5:16 p.m. | 6 views

CVE-2025-61777

Flag Forge is a Capture The Flag CTF platform. Starting in version 2.0.0 and prior to version 2.3.2, the /api/admin/badge-templates GET and /api/admin/badge-templates/create POST endpoints previously allowed access without authentication or authorization. This could have enabled unauthorized user...

CVSS 9.4 | EPSS 0.00434
Exploits: 0 | References: 2
CVE
added 2025/10/06 4:44 p.m. | 16 views

CVE-2025-61777

Flag Forge (CTF platform) prior to v2.3.2 exposed unauthenticated access via GET /api/admin/badge-templates and POST /api/admin/badge-templates/create, enabling retrieval of all badge templates and sensitive metadata (createdBy, createdAt, updatedAt) and potential creation of templates. Root caus...

CVSS 9.4 | AI score 6.6 | EPSS 0.00434
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2025/10/06 4:44 p.m. | 3 views

CVE-2025-61777 FlagForge Allows Unauthenticated Badge Template API Access

Flag Forge is a Capture The Flag CTF platform. Starting in version 2.0.0 and prior to version 2.3.2, the /api/admin/badge-templates GET and /api/admin/badge-templates/create POST endpoints previously allowed access without authentication or authorization. This could have enabled unauthorized user...

CVSS 9.4 | AI score 6.9 | EPSS 0.00434
Exploits: 0 | References: 4
Positive Technologies
added 2025/10/06 12:00 a.m. | 3 views

PT-2025-40914

Name of the Vulnerable Software and Affected Versions: FlagForge versions 2.0.0 through 2.3.2. Description: FlagForge, a Capture The Flag CTF platform, had endpoints that did not require authentication or authorization. Specifically, the /api/admin/badge-templates GET and...

CVSS 9.4 | AI score 6.7 | EPSS 0.00434
Exploits: 0 | References: 8
CNNVD
added 2025/10/06 12:00 a.m. | 3 views

Flag Forge access control error vulnerability

Flag Forge is an easy-to-use CTF platform open-sourced by FlagForge. An access control error vulnerability exists in Flag Forge versions 2.0.0 through prior to 2.3.2, which stems from a lack of authentication and authorization checks in the /api/admin/badge-templates and...

CVSS 9.4 | AI score 6.7 | EPSS 0.00434
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2025-31126

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.6 | EPSS 0.00394
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2025-30932

Malicious code in bioql PyPI...

CVSS 7.6 | AI score 6.6 | EPSS 0.00215
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2025-31370

Malicious code in bioql PyPI...

CVSS 6.9 | AI score 6.5 | EPSS 0.00389
Exploits: 0 | References: 1
EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2025-31401

Malicious code in bioql PyPI...

CVSS 8.6 | AI score 6.6 | EPSS 0.0035
Exploits: 0 | References: 1
RedhatCVE
added 2025/09/29 9:47 p.m. | 7 views

CVE-2025-59932

Flag Forge is a Capture The Flag CTF platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previously allowed POST and DELETE requests without proper authentication or authorization. This could have enabled unauthorized users to create, modify, or delete resources on the...

CVSS 8.6 | AI score 6.9 | EPSS 0.0035
Exploits: 0 | References: 1
RedhatCVE
added 2025/09/27 4:46 p.m. | 9 views

CVE-2025-59843

Flag Forge is a Capture The Flag CTF platform. From versions 2.0.0 to before 2.3.2, the public endpoint /api/user/username returns user email addresses in its JSON response. The fix, intended for release in 2.3.1 but only available starting in version 2.3.2, removes email addresses from public AP...

CVSS 6.9 | AI score 5.9 | EPSS 0.00389
Exploits: 0 | References: 1