CVE-2026-21868

Flag Forge is a Capture The Flag CTF platform. Versions 2.3.2 and below have a Regular Expression Denial of Service ReDoS vulnerability in the user profile API endpoint /api/user/username. The application constructs a regular expression dynamically using unescaped user input the username paramete...

CVE-2026-21868

Flag Forge is a Capture The Flag CTF platform. Versions 2.3.2 and below have a Regular Expression Denial of Service ReDoS vulnerability in the user profile API endpoint /api/user/username. The application constructs a regular expression dynamically using unescaped user input the username paramete...

EUVD-2026-1664

Flag Forge is a Capture The Flag CTF platform. Versions 2.3.2 and below have a Regular Expression Denial of Service ReDoS vulnerability in the user profile API endpoint /api/user/username. The application constructs a regular expression dynamically using unescaped user input the username paramete...

CVE-2026-21868 Flag Forge has ReDoS Vulnerability in User Profile Lookup API

Flag Forge is a Capture The Flag CTF platform. Versions 2.3.2 and below have a Regular Expression Denial of Service ReDoS vulnerability in the user profile API endpoint /api/user/username. The application constructs a regular expression dynamically using unescaped user input the username paramete...

CVE-2026-21868 Flag Forge has ReDoS Vulnerability in User Profile Lookup API

Flag Forge is a Capture The Flag CTF platform. Versions 2.3.2 and below have a Regular Expression Denial of Service ReDoS vulnerability in the user profile API endpoint /api/user/username. The application constructs a regular expression dynamically using unescaped user input the username paramete...

CVE-2026-21868

CVE-2026-21868 affects Flag Forge, specifically versions 2.3.2 and earlier. The vulnerability is a Regular Expression Denial of Service (ReDoS) in the user profile API endpoint /api/user/[username], where the application builds a regex dynamically from the unescaped username input. An attacker ca...

Flag Forge 安全漏洞

Flag Forge is an easy-to-use CTF platform open-sourced by FlagForge. A security vulnerability exists in Flag Forge 2.3.2 and earlier versions that stems from a regular expression denial of service issue in the user profile API endpoint...

PT-2026-2108

Name of the Vulnerable Software and Affected Versions Flag Forge versions 2.3.2 and below Description Flag Forge is a Capture The Flag CTF platform susceptible to a Regular Expression Denial of Service ReDoS condition. The issue resides in the user profile API endpoint, /api/user/username. The...

CVE-2025-61777

Flag Forge is a Capture The Flag CTF platform. Starting in version 2.0.0 and prior to version 2.3.2, the /api/admin/badge-templates GET and /api/admin/badge-templates/create POST endpoints previously allowed access without authentication or authorization. This could have enabled unauthorized user...

CVE-2025-61777

Flag Forge is a Capture The Flag CTF platform. Starting in version 2.0.0 and prior to version 2.3.2, the /api/admin/badge-templates GET and /api/admin/badge-templates/create POST endpoints previously allowed access without authentication or authorization. This could have enabled unauthorized user...

CVE-2025-61777

Flag Forge (CTF platform) prior to v2.3.2 exposed unauthenticated access via GET /api/admin/badge-templates and POST /api/admin/badge-templates/create, enabling retrieval of all badge templates and sensitive metadata (createdBy, createdAt, updatedAt) and potential creation of templates. Root caus...

CVE-2025-61777 FlagForge Allows Unauthenticated Badge Template API Access

Flag Forge is a Capture The Flag CTF platform. Starting in version 2.0.0 and prior to version 2.3.2, the /api/admin/badge-templates GET and /api/admin/badge-templates/create POST endpoints previously allowed access without authentication or authorization. This could have enabled unauthorized user...

PT-2025-40914

Name of the Vulnerable Software and Affected Versions FlagForge versions 2.0.0 through 2.3.2 Description FlagForge, a Capture The Flag CTF platform, had endpoints that did not require authentication or authorization. Specifically, the /api/admin/badge-templates GET and...

Flag Forge 访问控制错误漏洞

Flag Forge is an easy-to-use CTF platform open-sourced by FlagForge. An access control error vulnerability exists in Flag Forge versions 2.0.0 through prior to 2.3.2, which stems from a lack of authentication and authorization checks in the /api/admin/badge-templates and...

EUVD-2025-30932

Malicious code in bioql PyPI...

EUVD-2025-31370

Malicious code in bioql PyPI...

EUVD-2025-31401

Malicious code in bioql PyPI...

EUVD-2025-31126

Malicious code in bioql PyPI...

CVE-2025-59932

Flag Forge is a Capture The Flag CTF platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previously allowed POST and DELETE requests without proper authentication or authorization. This could have enabled unauthorized users to create, modify, or delete resources on the...

CVE-2025-59843

Flag Forge is a Capture The Flag CTF platform. From versions 2.0.0 to before 2.3.2, the public endpoint /api/user/username returns user email addresses in its JSON response. The fix, intended for release in 2.3.1 but only available starting in version 2.3.2, removes email addresses from public AP...