Lucene search
K

8 matches found

OpenVAS
OpenVAS
added 2025/11/14 12:0 a.m.2 views

Mageia: Security Advisory (MGASA-2025-0286)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.8AI score0.00677EPSS
Exploits5References4
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/01 10:29 a.m.7 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses flask_cors-5.0.1-py3-none-any.whl which is vulnerable to this CVE-2024-6839, CVE-2024-6866 and CVE-2024-6844

Summary Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses flaskcors-5.0.1-py3-none-any.whl which is vulnerable to this CVE-2024-6839, CVE-2024-6866 and CVE-2024-6844 Vulnerability Details CVEID:CVE-2024-6866 DESCRIPTION: corydolphin/flask-cors version 4.01 contain...

7.5CVSS6.8AI score0.00652EPSS
Exploits3Affected Software1
Circl
Circl
added 2025/05/23 10:39 p.m.25 views

CVE-2024-6844

creationtimestamp| type| source ---|---|--- 2025-05-23 22:39:43+00:00| seen| https://gist.github.com/EbonJaeger/4959b52b5b6898ca4e109d36bb8b6d36...

5.3CVSS5.2AI score0.00281EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2025/03/20 12:32 p.m.7 views

aact-openhands (>=0.0.4 <=0.0.5), aberoth-ephemeris (>=1.0.0 <=1.0.2) +580 more potentially affected by CVE-2024-6844 via flask-cors (>=1.1.2 <=5.0.1)

flask-cors PYPI version =1.1.2, =0.0.4, =1.0.0, =1.8.8, =1.1.4, =0.0.1, =0.0.1, =0.0.4, =0.0.13, =0.1.0, =0.1.1, =0.1.0, =1.1.0, =0.0.1, =0.0.18, =1.0.2, =1.3.0 and more Source cves: CVE-2024-6844 Source advisory: OSV:GHSA-8VGW-P6QM-5GR7...

5.3CVSS6.3AI score0.00281EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2025/03/20 10:15 a.m.6 views

CVE-2024-6844

A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. The request.path is passed through the unquoteplus function, which converts the '+' character to a space ' '. This behavior leads to incorrect path...

5.3CVSS6.3AI score0.00281EPSS
Exploits1References3
CVE
CVE
added 2025/03/20 10:10 a.m.190 views

CVE-2024-6844

CVE-2024-6844 affects the package corydolphin/flask-cors (reported as 4.0.1). The issue arises from how URL path '+’ characters are handled: request.path is passed through unquote_plus, which converts '+' to a space. This causes incorrect path normalization and mismatches between requested paths ...

5.3CVSS5.5AI score0.00281EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.7 views

CVE-2024-6844 Inconsistent CORS Matching Due to Handling of '+' in URL Path in corydolphin/flask-cors

A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. The request.path is passed through the unquoteplus function, which converts the '+' character to a space ' '. This behavior leads to incorrect path...

5.3CVSS5.5AI score0.00281EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2025/03/20 10:10 a.m.6 views

CVE-2024-6844

A vulnerability in corydolphin/flask-cors version 4.0.1 allows for inconsistent CORS matching due to the handling of the '+' character in URL paths. The request.path is passed through the unquoteplus function, which converts the '+' character to a space ' '. This behavior leads to incorrect path...

5.3CVSS5.9AI score0.00281EPSS
Exploits1
Rows per page
Query Builder