Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2025/10/07 5:35 p.m.4 views

CVE-2025-61777

Flag Forge is a Capture The Flag CTF platform. Starting in version 2.0.0 and prior to version 2.3.2, the /api/admin/badge-templates GET and /api/admin/badge-templates/create POST endpoints previously allowed access without authentication or authorization. This could have enabled unauthorized user...

9.4CVSS6.9AI score0.00427EPSS
Exploits0References1
NVD
NVD
added 2025/10/06 5:16 p.m.14 views

CVE-2025-61777

Flag Forge is a Capture The Flag CTF platform. Starting in version 2.0.0 and prior to version 2.3.2, the /api/admin/badge-templates GET and /api/admin/badge-templates/create POST endpoints previously allowed access without authentication or authorization. This could have enabled unauthorized user...

9.4CVSS0.00427EPSS
Exploits0References2
OSV
OSV
added 2025/10/06 4:44 p.m.5 views

CVE-2025-61777 FlagForge Allows Unauthenticated Badge Template API Access

Flag Forge is a Capture The Flag CTF platform. Starting in version 2.0.0 and prior to version 2.3.2, the /api/admin/badge-templates GET and /api/admin/badge-templates/create POST endpoints previously allowed access without authentication or authorization. This could have enabled unauthorized user...

9.4CVSS6.9AI score0.00427EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/10/06 4:44 p.m.8 views

CVE-2025-61777 FlagForge Allows Unauthenticated Badge Template API Access

Flag Forge is a Capture The Flag CTF platform. Starting in version 2.0.0 and prior to version 2.3.2, the /api/admin/badge-templates GET and /api/admin/badge-templates/create POST endpoints previously allowed access without authentication or authorization. This could have enabled unauthorized user...

9.4CVSS0.00427EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/06 4:44 p.m.5 views

EUVD-2025-32560

Flag Forge is a Capture The Flag CTF platform. Starting in version 2.0.0 and prior to version 2.3.2, the /api/admin/badge-templates GET and /api/admin/badge-templates/create POST endpoints previously allowed access without authentication or authorization. This could have enabled unauthorized user...

9.4CVSS6.5AI score0.00427EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/06 4:44 p.m.4 views

CVE-2025-61777 FlagForge Allows Unauthenticated Badge Template API Access

Flag Forge is a Capture The Flag CTF platform. Starting in version 2.0.0 and prior to version 2.3.2, the /api/admin/badge-templates GET and /api/admin/badge-templates/create POST endpoints previously allowed access without authentication or authorization. This could have enabled unauthorized user...

9.4CVSS6.6AI score0.00427EPSS
Exploits0References2
CVE
CVE
added 2025/10/06 4:44 p.m.20 views

CVE-2025-61777

Flag Forge (CTF platform) prior to v2.3.2 exposed unauthenticated access via GET /api/admin/badge-templates and POST /api/admin/badge-templates/create, enabling retrieval of all badge templates and sensitive metadata (createdBy, createdAt, updatedAt) and potential creation of templates. Root caus...

9.4CVSS6.6AI score0.00427EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/06 12:0 a.m.7 views

PT-2025-40914

Name of the Vulnerable Software and Affected Versions FlagForge versions 2.0.0 through 2.3.2 Description FlagForge, a Capture The Flag CTF platform, had endpoints that did not require authentication or authorization. Specifically, the /api/admin/badge-templates GET and...

9.4CVSS6.7AI score0.00427EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/10/06 12:0 a.m.5 views

Flag Forge 访问控制错误漏洞

Flag Forge is an easy-to-use CTF platform open-sourced by FlagForge. An access control error vulnerability exists in Flag Forge versions 2.0.0 through prior to 2.3.2, which stems from a lack of authentication and authorization checks in the /api/admin/badge-templates and...

9.4CVSS6.7AI score0.00427EPSS
Exploits0References2
Rows per page
Query Builder