CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/03/18 12:0 a.m.•5 views

CVE-2026-30345

CTFd CVE-2026-30345 is a zip-slip vulnerability in the Admin import path of v3.8.1-18-gdb5a18c4. A crafted import can cause arbitrary files to be written outside the intended directory. The vulnerability is reported across multiple feeds (NVD/Red Hat/others) with a CVSS v3.1 base score of 7.5 (Hi...

7.5CVSS5.9AI score0.00406EPSS

Cvelist•added 2026/03/18 12:0 a.m.•25 views

CVE-2026-30345

A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attackers to write arbitrary files outside the intended directories via supplying a crafted import...

0.00406EPSS

ATTACKERKB•added 2026/03/18 12:0 a.m.•6 views

CVE-2026-30345

A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attackers to write arbitrary files outside the intended directories via supplying a crafted import...

5.9AI score0.00406EPSS

Vulnrichment•added 2026/03/18 12:0 a.m.•1 views

CVE-2026-30345

A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attackers to write arbitrary files outside the intended directories via supplying a crafted import...

5.9AI score0.00406EPSS

RedhatCVE•added 2026/01/09 9:58 a.m.•4 views

CVE-2020-7245

Incorrect username validation in the registration process of CTFd v2.0.0 - v2.2.2 allows an attacker to take over an arbitrary account if the username is known and emails are enabled on the CTFd instance. To exploit the vulnerability, one must register with a username identical to the victim's...

9.8CVSS7.2AI score0.01166EPSS

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2020-28372

Malware in sbrugna...

9.8CVSS9.2AI score0.01166EPSS

Exploits0References3

6.1CVSS6.6AI score0.00274EPSS

EUVD-2025-3069

Malicious code in bioql PyPI...

7.7CVSS6.6AI score0.00436EPSS

EUVD-2025-3973

Malicious code in bioql PyPI...

5.3CVSS6.3AI score0.11659EPSS

EUVD-2024-34048

Malicious code in bioql PyPI...

4.3CVSS6.6AI score0.00304EPSS

EUVD-2024-39865

Malicious code in bioql PyPI...

Exploits0References4

RedhatCVE•added 2025/05/23 6:58 a.m.•3 views

CVE-2024-46242

An issue in the validateemail function in CTFd/utils/validators/init.py of CTFd 3.7.3 allows attackers to cause a Regular expression Denial of Service ReDoS via supplying a crafted string as e-mail address during registration...

7.5CVSS7.4AI score0.00707EPSS

RedhatCVE•added 2025/05/23 6:56 a.m.•4 views

CVE-2024-11716

While assignment of a user to a team bracket in CTFd should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset it's bracket and then pick a new one, joining another team while a competition is already ongoing. This issue impacts releas...

5.3CVSS6.2AI score0.11659EPSS

RedhatCVE•added 2025/05/23 6:54 a.m.•4 views

CVE-2024-11717

Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter and they are not single use, which means, that during token expiration time an on-path attacker might reuse such a token to...

6.3CVSS6.6AI score0.00629EPSS

RedhatCVE•added 2025/05/23 6:37 a.m.•4 views

CVE-2024-42988

Lack of access control in ChallengeSolves /api/v1/challenges//solves of CTFd v2.0.0 - v3.7.2 allows authenticated users to retrieve a list of users who have solved the challenge, regardless of the Account Visibility settings. The issue is fixed in v3.7.3+...

4.3CVSS4.3AI score0.00304EPSS

Exploits0

RedhatCVE•added 2025/02/21 6:16 a.m.•6 views

CVE-2025-23001

A Host header injection vulnerability exists in CTFd 3.7.5, due to the application failing to properly validate or sanitize the Host header. An attacker can manipulate the Host header in HTTP requests, which may lead to phishing attacks, reset password, or cache poisoning. NOTE: the Supplier's...

6.1CVSS7AI score0.00274EPSS