3 matches found
coati-payroll (>=1.0.1 <=1.10.0), now-lms (>=1.0.3 <=1.2.3) +1 more potentially affected by CVE-2026-27641 via flask-reuploaded (>=1.2.0 <=1.4.0)
flask-reuploaded PYPI version =1.2.0, =1.0.1, =1.0.3, =4.6.1, =5.0.0 Source cves: CVE-2026-27641 Source advisory: OSV:GHSA-65MP-FQ8V-56JR...
CVE-2026-27641
creationtimestamp| type| source ---|---|--- 2026-02-25 04:17:58+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfnt6yexpi2c 2026-02-25 05:15:54+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mfnwglqpwy2y 2026-02-25 06:00:30+00:00| seen|...
CVE-2026-27641 Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection
Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions prior to 1.5.0 allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection SSTI. Flask-Reuploaded has been patche...