Lucene search
K

9 matches found

NVD
NVD
added yesterday5 views

CVE-2026-22659

FlaskBB through 2.2.0, fixed in commit acc88cf, contains an authorization bypass vulnerability that allows authenticated moderators to perform unauthorized actions on topics in forums they do not control by submitting crafted topic ID lists. Attackers can include a low-ID topic from a permitted...

8.1CVSS
Exploits0References3
NVD
NVD
added yesterday5 views

CVE-2026-22660

FlaskBB through 2.2.0, fixed in commit a5da9a5, contains a logic flaw vulnerability that allows authenticated administrators to delete all built-in authorization groups by exploiting a type mismatch in the bulk delete protection check. The bulk AJAX endpoint in the management views compares...

8.6CVSS
Exploits0References3
CVE
CVE
added yesterday6 views

CVE-2026-22659

FlaskBB up to version 2.2.0 is vulnerable to an authorization bypass. The issue arises when an attacker manipulates a batch request with crafted topic ID lists, causing a low-ID topic from a permitted forum to be used as an anchor and bypass the permission check applied only to the first result. ...

8.1CVSS6.2AI score
Exploits0References3
Cvelist
Cvelist
added yesterday6 views

CVE-2026-22660 FlaskBB Logic Flaw Authorization Group Deletion via Bulk AJAX Endpoint

FlaskBB through 2.2.0, fixed in commit a5da9a5, contains a logic flaw vulnerability that allows authenticated administrators to delete all built-in authorization groups by exploiting a type mismatch in the bulk delete protection check. The bulk AJAX endpoint in the management views compares...

8.6CVSS
Exploits0References3
EUVD
EUVD
added yesterday4 views

EUVD-2026-42877

FlaskBB through 2.2.0, fixed in commit a5da9a5, contains a logic flaw vulnerability that allows authenticated administrators to delete all built-in authorization groups by exploiting a type mismatch in the bulk delete protection check. The bulk AJAX endpoint in the management views compares...

8.6CVSS6AI score
Exploits0References3
Snyk
Snyk
added 2026/05/21 8:42 p.m.20 views

Server-side Request Forgery (SSRF)

Overview FlaskBB is an A classic Forum Software in Python using Flask. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the getimageinfo function. An attacker can access internal network resources and sensitive cloud metadata by supplying a crafted URL as t...

8.6CVSS5.5AI score0.00032EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/21 8:42 p.m.6 views

flaskbb-plugin-atom (>=0.1.0 <=0.2.0), flaskbb-plugin-conversations (=2.0.1) +6 more potentially affected by CVE-2026-46556 via flaskbb (=2.2.0)

flaskbb PYPI version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on flaskbb and may be impacted: - flaskbb-plugin-atom =0.1.0, =0.0.1, =0.1.0, =0.0.1, =0.1.0 Source cves: CVE-2026-46556 Source advisory: OSV:GHSA-XQ32-9G7Q-7297...

5.5AI score0.00032EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.8 views

PT-2026-42653

Summary A Server-Side Request Forgery SSRF vulnerability in get image info allows any authenticated user to force the server to send HTTP requests to arbitrary internal endpoints, including cloud metadata services e.g., AWS 169.254.169.254. This is a blind SSRF with confirmed internal port scanni...

6.5CVSS5.9AI score
Exploits0References3
Circl
Circl
added 2026/05/19 12:24 p.m.11 views

CVE-2026-46556

creationtimestamp| type| source ---|---|--- 2026-05-19 12:24:55+00:00| published-proof-of-concept| https://github.com/flaskbb/flaskbb/security/advisories/GHSA-xq32-9g7q-7297...

5.8AI score0.00032EPSS
Exploits0References1
Rows per page
Query Builder