Lucene search

17 matches found

NVD
added yesterday | 2 views

CVE-2026-36576

An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request...

CVSS 9.8
Exploits: 0 | References: 4

EUVD
added yesterday | 2 views

EUVD-2026-34099

An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers to execute arbitrary commands via a crafted POST request...

CVSS 9.8 | AI score 6
Exploits: 0 | References: 4

EUVD
added 2026/04/29 6:30 p.m. | 1 view

EUVD-2026-26274

A weakness has been identified in florensiawidjaja BioinfoMCP up to 7ada7918b9e515604d3c0ae264d3a9af10bf6e54. This vulnerability affects the function Upload of the file bioinfomcpplatform/app.py of the component Upload Endpoint. This manipulation of the argument Name causes path traversal. The...

CVSS 7.5 | AI score 7.1 | EPSS 0.00089
Exploits: 0 | References: 5

NVD
added 2026/03/11 11:16 p.m. | 0 views

CVE-2026-3962

A vulnerability was identified in Jcharis Machine-Learning-Web-Apps up to a6996b634d98ccec4701ac8934016e8175b60eb5. The impacted element is the function rendertemplate of the file Machine-Learning-Web-Apps-master/Build-n-Deploy-Flask-App-with-Waypoint/app/app.py of the component Jinja2 Template...

CVSS 5.3 | EPSS 0.0005
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2021-16077

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.00703
Exploits: 0 | References: 2

NVD
added 2024/09/30 8:15 a.m. | 12 views

CVE-2024-6394

A Local File Inclusion vulnerability exists in parisneo/lollms-webui versions below v9.8. The vulnerability is due to unverified path concatenation in the servejs function in app.py, which allows attackers to perform path traversal attacks. This can lead to unauthorized access to arbitrary files ...

CVSS 7.5 | EPSS 0.00514
Exploits: 1 | References: 1

Veracode
added 2024/04/04 7:58 a.m. | 16 views

Local File Inclusion

voila is vulnerable to Local File Inclusion. The vulnerability is due to improper handling of file paths within app.py which allows an attacker to access readable files on the server's filesystem...

CVSS 7.5 | AI score 6.7 | EPSS 0.00236
Exploits: 0 | References: 8 | Affected Software: 1

NVD
added 2023/01/10 4:15 p.m. | 10 views

CVE-2014-125073

A vulnerability was found in mapoor voteapp. It has been rated as critical. Affected by this issue is the function create_poll/do_poll/show_poll/show_refresh of the file app.py. The manipulation leads to SQL injection. The patch is identified as b290c21a0d8bcdbd55db860afd3cadec97388e72. It is...

CVSS 9.8 | AI score 6.9 | EPSS 0.00297
Exploits: 0 | References: 3

Prion
added 2023/01/10 4:15 p.m. | 12 views

SQL injection

A vulnerability was found in mapoor voteapp. It has been rated as critical. Affected by this issue is the function create_poll/do_poll/show_poll/show_refresh of the file app.py. The manipulation leads to SQL injection. The patch is identified as b290c21a0d8bcdbd55db860afd3cadec97388e72. It is...

CVSS 5.2 | AI score 7.8 | EPSS 0.00297
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2023/01/10 3:45 p.m. | 11 views

CVE-2014-125073 mapoor voteapp app.py show_refresh SQL injection

A vulnerability was found in mapoor voteapp. It has been rated as critical. Affected by this issue is the function create_poll/do_poll/show_poll/show_refresh of the file app.py. The manipulation leads to SQL injection. The patch is identified as b290c21a0d8bcdbd55db860afd3cadec97388e72. It is...

CVSS 5.5 | AI score 9.8 | EPSS 0.00297
Exploits: 0 | References: 3

CVE
added 2023/01/10 3:45 p.m. | 63 views

CVE-2014-125073

CVE-2014-125073 affects mapoor voteapp. The vulnerability is a SQL injection in the Flask-based app.py functions create_poll, do_poll, show_poll, and show_refresh. Evidence across sources specifies the root cause as improper handling of input in these endpoints, enabling manipulation of queries. ...

CVSS 9.8 | AI score 6.8 | EPSS 0.00297
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2023/01/10 3:45 p.m. | 5 views

CVE-2014-125073 mapoor voteapp app.py show_refresh SQL injection

A vulnerability was found in mapoor voteapp. It has been rated as critical. Affected by this issue is the function create_poll/do_poll/show_poll/show_refresh of the file app.py. The manipulation leads to SQL injection. The patch is identified as b290c21a0d8bcdbd55db860afd3cadec97388e72. It is...

CVSS 5.5 | AI score 7.5 | EPSS 0.00297
Exploits: 0 | References: 3

Prion
added 2021/04/22 1:15 a.m. | 15 views

Design/Logic Flaw

Discord-Recon is a bot for the Discord chat service. In versions of Discord-Recon 0.0.3 and prior, a remote attacker is able to read local files from the server that can disclose important information. As a workaround, a bot maintainer can locate the file app.py and add .replace('..', '') into the...

CVSS 5 | AI score 7.4 | EPSS 0.00703
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2021/04/22 12:0 a.m. | 17 views

Wikimedia Quarry analytics-quarry-web cross-site scripting vulnerability

Wikimedia Quarry analytics-quarry-web is an open source application. Wikimedia Quarry analytics-quarry-web is vulnerable to a cross-site scripting vulnerability. The vulnerability stems from the fact that app.py does not explicitly set the application/json content type. No details of the...

CVSS 6.1 | AI score 2 | EPSS 0.0024
Exploits: 0 | References: 1

Cvelist
added 2021/04/21 7:43 p.m. | 13 views

CVE-2020-36324

Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflected XSS because app.py does not explicitly set the application/json content type...

AI score 6.1 | EPSS 0.0024
Exploits: 0 | References: 2

CNNVD
added 2021/04/21 12:0 a.m. | 2 views

Bryan Davis analytics-quarry-web cross-site scripting vulnerability

Wikimedia Quarry analytics-quarry-web is an open source application. Wikimedia Quarry analytics-quarry-web is vulnerable to a cross-site scripting vulnerability. The vulnerability stems from the fact that app.py does not explicitly set the application/json content type. No details of the...

CVSS 6.1 | AI score 5.2 | EPSS 0.0024
Exploits: 0 | References: 3

OSV
added 2020/05/21 5:15 p.m. | 0 views

CVE-2020-13258

Contentful through 2020-05-21 for Python allows reflected XSS, as demonstrated by the api parameter to the-example-app.py...

CVSS 6.1 | AI score 6.4
Exploits: 0 | References: 1