58 matches found
CVE-2025-23001
A Host header injection vulnerability exists in CTFd 3.7.5, due to the application failing to properly validate or sanitize the Host header. An attacker can manipulate the Host header in HTTP requests, which may lead to phishing attacks, reset password, or cache poisoning. NOTE: the Supplier's...
CVE-2025-23001
A Host header injection vulnerability exists in CTFd 3.7.5, due to the application failing to properly validate or sanitize the Host header. An attacker can manipulate the Host header in HTTP requests, which may lead to phishing attacks, reset password, or cache poisoning. NOTE: the Supplier's...
CVE-2025-23001
CVE-2025-23001 affects CTFd 3.7.5. The vulnerability is a Host header injection caused by insufficient validation/sanitization of the Host header in HTTP requests. Potential impacts include phishing, password reset manipulation, and cache poisoning as described in multiple sources. Some entries n...
CVE-2025-24886 pwn.college has Symlink LFI in Dojo repos
pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user specified dojos allows for users admin not required to perform an LFI from the CTFd container. When a user clones or updates repositories, a check...
CVE-2025-24886 pwn.college has Symlink LFI in Dojo repos
pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user specified dojos allows for users admin not required to perform an LFI from the CTFd container. When a user clones or updates repositories, a check...
PT-2025-5593 · Unknown · Pwn.College
Name of the Vulnerable Software and Affected Versions: pwn.college affected versions not specified Description: The issue is related to incorrect symlink checks on user-specified dojos, allowing users to perform a Local File Inclusion LFI from the CTFd container without requiring admin privileges...
DOJO 安全漏洞
DOJO is an open source JavaScript toolkit from pwn.college. DOJO suffers from a security vulnerability that stems from the fact that incorrect symbolic link checking of a user-specified dojo can cause a user to execute an LFI from a CTFd container, which allows a malicious user to make a reposito...
CVE-2024-46242
An issue in the validateemail function in CTFd/utils/validators/init.py of CTFd 3.7.3 allows attackers to cause a Regular expression Denial of Service ReDoS via supplying a crafted string as e-mail address during registration...
CVE-2024-46242
An issue in the validateemail function in CTFd/utils/validators/init.py of CTFd 3.7.3 allows attackers to cause a Regular expression Denial of Service ReDoS via supplying a crafted string as e-mail address during registration...
PT-2025-2733 · Ctfd · Ctfd
Name of the Vulnerable Software and Affected Versions: CTFd version 3.7.3 Description: The issue is related to the validate email function in CTFd/utils/validators/ init .py, which allows attackers to cause a Regular expression Denial of Service ReDoS by providing a crafted string as an email...
CVE-2024-46242
An issue in the validateemail function in CTFd/utils/validators/init.py of CTFd 3.7.3 allows attackers to cause a Regular expression Denial of Service ReDoS via supplying a crafted string as e-mail address during registration...
CVE-2024-46242
The CVE-2024-46242 entry describes a Regular Expression Denial of Service (ReDoS) in CTFd 3.7.3 caused by the validate_email function in CTFd/utils/validators/init .py. An attacker can trigger the vulnerability by supplying a crafted string as an email address during user registration, potentiall...
CVE-2024-11716
While assignment of a user to a team bracket in CTFd should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset it's bracket and then pick a new one, joining another team while a competition is already ongoing. This issue impacts releas...
CVE-2024-11717
Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter and they are not single use, which means, that during token expiration time an on-path attacker might reuse such a token to...
CVE-2024-11717
CTFd (CTFd project) is affected by CVE-2024-11717. Tokens used for account activation and password resets are interchangeable and are transmitted as GET parameters; tokens are not single-use and can be reused within the expiration window, enabling an on-path attacker to reset a password and take ...
CVE-2024-11717
Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter and they are not single use, which means, that during token expiration time an on-path attacker might reuse such a token to...
CVE-2024-11717
Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter and they are not single use, which means, that during token expiration time an on-path attacker might reuse such a token to...
CVE-2024-11716
While assignment of a user to a team bracket in CTFd should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset it's bracket and then pick a new one, joining another team while a competition is already ongoing. This issue impacts releas...
CVE-2024-11716
While assignment of a user to a team bracket in CTFd should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset it's bracket and then pick a new one, joining another team while a competition is already ongoing. This issue impacts releas...
CVE-2024-11716
CVE-2024-11716 (CTFd) : A logic flaw in CTFd allows an authenticated user to reset their bracket after registration and join another team while a competition is ongoing. Affected releases: 3.7.0—3.7.4. The issue was addressed in 3.7.5 via pull request 2636. Practical impact: potentially enables b...