
15 matches found

Cvelist
added 2026/03/11 10:32 p.m. | 28 views

CVE-2026-3962 Jcharis Machine-Learning-Web-Apps Jinja2 Template app.py render_template cross site scripting

A vulnerability was identified in Jcharis Machine-Learning-Web-Apps up to a6996b634d98ccec4701ac8934016e8175b60eb5. The impacted element is the function render_template of the file Machine-Learning-Web-Apps-master/Build-n-Deploy-Flask-App-with-Waypoint/app/app.py of the component Jinja2 Template...

5.3 CVSS | 0.0005 EPSS
Exploits 0 | References 6

Veracode
added 2026/02/28 5:12 a.m. | 1 view

Sensitive Information Exposure

Flask is vulnerable to Sensitive Information Exposure. The vulnerability is due to incomplete handling of the Vary: Cookie header when accessing the session object, where certain access patterns (e.g., using the in operator) fail to mark responses as user-specific, allowing caching proxies to store...

4.3 CVSS | 5.7 AI score | 0.00014 EPSS
Exploits 0 | References 3 | Affected Software 1

GithubExploit
added 2026/02/22 8:46 a.m. | 132 views

SQLi-Exfiltration-Lab

SQL Injection SQLi - Database Exfiltration Lab Overview...

6.1 AI score
Exploits 0

GithubExploit
added 2026/01/28 10:23 a.m. | 134 views

SQLi

SQL Injection CTF Challenge - Quick Start Guide Files Over...

6 AI score
Exploits 0

GithubExploit
added 2025/12/09 5:32 p.m. | 121 views

Simple-Flask-Deserialize-Demo-Exploit-Code

Simple-Flask-Deserialize-D...

7.2 AI score
Exploits 0

GithubExploit
added 2025/04/09 4:13 p.m. | 120 views

Exploit for Code Injection in Langchain Langchain-Experimental

CVE-2024-21513 PoC for CVE-2024-21513 Original exploit documen...

8.5 CVSS | 8.3 AI score | 0.13393 EPSS
Exploits 1

Tenable Nessus
added 2024/09/24 12:0 a.m. | 18 views

Flask Weak Secret Key

Flask applications use an application key to encrypt and sign various data, including session cookies and other sensitive information. When a weak or easily guessable application key is used, it compromises the security of the entire application. Attackers can potentially decrypt sensitive data,...

8 AI score
Exploits 0 | References 3

Fedora
added 2024/01/14 1:0 a.m. | 12 views

[SECURITY] Fedora 39 Update: python-flask-security-too-5.1.2-3.fc39

Flask-Security quickly adds security features to your Flask application...

6.1 CVSS | 7.1 AI score | 0.14068 EPSS
Exploits 2

ATTACKERKB
added 2022/07/11 1:15 a.m. | 1 view

CVE-2022-31509

The iedadata/usap-dc-website repository through 1.0.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...

9.3 CVSS | 5.3 AI score | 0.00432 EPSS
Exploits 1 | References 2

OSV
added 2021/05/17 6:15 p.m. | 24 views

PYSEC-2021-123

The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. All versions of Flask-Security-Too allow redirects after many successful views e....

6.1 CVSS | 0.9 AI score | 0.17067 EPSS
Exploits 1 | References 2

Prion
added 2021/05/17 6:15 p.m. | 23 views

Cross site scripting

The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. All versions of Flask-Security-Too allow redirects after many successful views e....

5.8 CVSS | 6.3 AI score | 0.17067 EPSS
Exploits 1 | References 2

Cvelist
added 2021/05/17 6:5 p.m. | 25 views

CVE-2021-32618 Open Redirect Vulnerability

The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. All versions of Flask-Security-Too allow redirects after many successful views e....

3.1 CVSS | 6.5 AI score | 0.17067 EPSS
Exploits 1 | References 2

Gitee
added 2020/08/18 3:27 p.m. | 4 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability is a Server-Side Template Injection (SSTI) vulnerability in a Flask application. The repository contains a Docker Compose file that sets up a vulnerable environment for testing and demonstration...

7.8 AI score
Exploits 0

Core Security
added 2017/07/12 12:0 a.m. | 529 views

Trend Micro Deep Discovery Director Multiple Vulnerabilities

1. Advisory Information Title: Trend Micro Deep Discovery Director Multiple Vulnerabilities Advisory ID: CORE-2017-0005 Advisory URL: https://www.coresecurity.com/core-labs/advisories/trend-micro-deep-discovery-director-multiple-vulnerabilities Date published: 2017-07-12 Date of last update:...

9.8 CVSS | 9.7 AI score | 0.18473 EPSS
Exploits 0

n0where
added 2014/08/01 2:36 p.m. | 40 views

Modern Honeypot Network

Modern Honeypot Network Multi-snort and honeypot sensor management, uses a network of VMs, small footprint SNORT installations, stealthy dionaeas, and a centralized server for management. Honeypot Deployed sensors with intrusion detection software installed: Snort, Kippo, Conpot, and Dionaea...

7.5 AI score
Exploits 0 | References 2