7 matches found

Tenable Nessus
added 2026/03/30 12:0 a.m., 2 views

Amazon Linux 2023 : python3-flask (ALAS2023-2026-1476)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1476 advisory. Flask is a web server gateway interface (WSGI) web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header., resulting in a Use o...

CVSS 4.3, AI score 5.8, EPSS 0.00014
Exploits: 0, References: 4
Positive Technologies
added 2026/02/19 12:0 a.m., 5 views

PT-2026-21353

Name of the Vulnerable Software and Affected Versions: Flask versions 3.1.2 and below. Description: Flask, a web server gateway interface (WSGI) web application framework, may improperly handle caching when accessing the session object. Specifically, it may fail to set the 'Vary: Cookie' header,...

CVSS 4.3, AI score 5.8, EPSS 0.00014
Exploits: 0, References: 27
GithubExploit
added 2025/06/28 7:53 p.m., 78 views

Simple-Hospital-Management-System-in-Python-CodeAstro-Patients-Stored-XSS

It is an offensive tool for web application. This repository con...

AI score 5.6
Exploits: 0
OSV
added 2025/05/13 4:15 p.m., 2 views

DEBIAN-CVE-2025-47278

Flask is a web server gateway interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the itsdangerous library. A list of keys can...

CVSS 1.8, AI score 5.4, EPSS 0.00106
Exploits: 0, References: 1
OSV
added 2025/05/13 3:57 p.m., 4 views

CVE-2025-47278 Flask uses fallback key instead of current signing key

Flask is a web server gateway interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the itsdangerous library. A list of keys can...

CVSS 1.8, AI score 6.1, EPSS 0.00106
Exploits: 0, References: 5
CVE
added 2025/05/13 3:57 p.m., 187 views

CVE-2025-47278

CVE-2025-47278 affects Flask 3.1.0, where itsdangerous signing key handling constructs the key list in reverse, causing the last (oldest) key to be used for signing when key rotation is configured via SECRET_KEY_FALLBACKS. The result is signing sessions with stale keys, potentially hindering tran...

CVSS 1.8, AI score 7, EPSS 0.00106
Exploits: 0, References: 3
Debian CVE
added 2025/05/13 3:57 p.m., 6 views

CVE-2025-47278

Flask is a web server gateway interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the itsdangerous library. A list of keys can...

CVSS 1.8, AI score 5.4, EPSS 0.00106
Exploits: 0