Lucene search
K

2435 matches found

Nuclei
Nuclei
added yesterday18 views

PraisonAI AgentOS - Information Disclosure

PraisonAI's AgentOS FastAPI application server exposes an unauthenticated GET /api/agents endpoint that lists every registered agent's name, role and the opening of its instructions system prompt. No authentication is enforced on the route, allowing a remote attacker to enumerate agent...

7.3CVSS7.1AI score0.26799EPSS
Exploits4
Nuclei
Nuclei
added yesterday15 views

PraisonAI - Authentication Bypass

PraisonAI 2.5.6 to 4.6.34 contains a broken authentication caused by disabled default authentication in legacy Flask API server, letting remote attackers access /agents and trigger workflows without token, exploit requires network access to API server. id: CVE-2026-44338 info: name: PraisonAI -...

7.3CVSS7.1AI score0.26799EPSS
Exploits3References2
Nuclei
Nuclei
added yesterday8 views

Python Flask-Security-Too <=5.3.2 - Open Redirect

An open redirect vulnerability exists in the python package Flask-Security-Too prior to version 5.3.3. Attackers can abuse the 'next' parameter on the /login and /register routes to redirect unsuspecting users to malicious sites via crafted URLs, which could lead to phishing or other attacks NVD...

6.1CVSS6.4AI score0.01079EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday129 views

Vanna - SQL injection

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents . This can lead to...

9.8CVSS7.2AI score0.03452EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday76 views

pyLoad Flask Config - Access Control

pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRETKEY variable. This issue has been patched in version 0.5.0b3.dev77. id: CVE-2024-21644 info: name: pyLoad Flask Config ...

7.5CVSS6.9AI score0.42173EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday104 views

Python Flask-Security - Open Redirect

Python Flask-Security contains an open redirect vulnerability. Existing code validates that the URL specified in the next parameter is either relative or has the same network location as the requesting URL. Certain browsers accept and fill in the blanks of possibly incomplete or malformed URLs. A...

6.1CVSS6.6AI score0.03289EPSS
Exploits0References5
CVE
CVE
added 4 days ago7 views

CVE-2026-22660

FlaskBB

8.6CVSS6AI score0.00328EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42077

Serena: Unauthenticated Flask dashboard on fixed port enables DNS rebinding → memory poisoning → RCE...

8.3CVSS5.9AI score0.00237EPSS
Exploits0References4
NVD
NVD
added 6 days ago8 views

CVE-2026-15034

A vulnerability has been found in flask-dashboard Flask-MonitoringDashboard up to 5.0.2. Affected by this issue is some unknown functionality. Such manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...

5.3CVSS0.00222EPSS
Exploits0References9
Cvelist
Cvelist
added 6 days ago29 views

CVE-2026-15034 flask-dashboard Flask-MonitoringDashboard cross-site request forgery

A vulnerability has been found in flask-dashboard Flask-MonitoringDashboard up to 5.0.2. Affected by this issue is some unknown functionality. Such manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...

5.3CVSS0.00222EPSS
Exploits0References9
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42238

A vulnerability has been found in flask-dashboard Flask-MonitoringDashboard up to 5.0.2. Affected by this issue is some unknown functionality. Such manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...

5.3CVSS5.2AI score0.00222EPSS
Exploits0References9
CVE
CVE
added 6 days ago11 views

CVE-2026-15034

CVE-2026-15034 affects the Flask-MonitoringDashboard component of the Flask-dashboard project up to version 5.0.2. The issue is described as a cross-site request forgery (CSRF) affecting an unknown functionality, with the attack potentially executable remotely. Public exploit information is indic...

5.3CVSS5.2AI score0.00222EPSS
Exploits0References9
OSV
OSV
added 6 days ago6 views

ROOT-APP-PYPI-CVE-2026-27205 CVE-2026-27205 in rootio-Flask - Patched by Root

Root has patched CVE-2026-27205 in the rootio-Flask package for Root:PyPI. Multiple fixed versions available...

4.3CVSS5.8AI score0.00374EPSS
Exploits0
NVD
NVD
added last week6 views

CVE-2026-49471

Serena is a powerful MCP toolkit for coding that provides semantic retrieval and editing capabilities. Prior to v1.5.2, Serena's built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port, with no authentication, no CSRF protection, and no Host header validation. A D...

8.3CVSS0.00237EPSS
Exploits0References3
Cvelist
Cvelist
added last week31 views

CVE-2026-49471 Serena: Unauthenticated Flask dashboard on fixed port enables DNS rebinding → memory poisoning → RCE

Serena is a powerful MCP toolkit for coding that provides semantic retrieval and editing capabilities. Prior to v1.5.2, Serena's built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port, with no authentication, no CSRF protection, and no Host header validation. A D...

8.3CVSS0.00237EPSS
Exploits0References3
OSV
OSV
added last week6 views

CVE-2026-49471 Serena: Unauthenticated Flask dashboard on fixed port enables DNS rebinding → memory poisoning → RCE

Serena is a powerful MCP toolkit for coding that provides semantic retrieval and editing capabilities. Prior to v1.5.2, Serena's built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port, with no authentication, no CSRF protection, and no Host header validation. A D...

8.3CVSS6.7AI score0.00237EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-49471

Serena is a powerful MCP toolkit for coding that provides semantic retrieval and editing capabilities. Prior to v1.5.2, Serena's built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port, with no authentication, no CSRF protection, and no Host header validation. A D...

8.3CVSS6.7AI score0.00237EPSS
Exploits0References4Affected Software1
OSV
OSV
added last week10 views

PYSEC-2026-1842 pyspider Cross-Site Request Forgery (CSRF) via the Flask endpoints

binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Request Forgery CSRF via the Flask endpoints...

8.8CVSS5.9AI score0.00223EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.4 views

PYSEC-2026-505 Injection vulnerability that affects ironic-discoverd

OpenStack Ironic Inspector aka ironic-inspector or ironic-discoverd, when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error...

9.2CVSS6.1AI score0.01585EPSS
Exploits0References13
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-341 Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection

Impact A critical path traversal and extension bypass vulnerability in Flask-Reuploaded allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection SSTI. Patches Flask-Reuploaded has been patched in version 1.5.0 Workarounds 1. Do not...

9.8CVSS6.5AI score0.01046EPSS
Exploits1References7
Rows per page
Query Builder