Lucene search

4 matches found

Vulnrichment
added 2025/09/27 12:51 a.m. | 6 views

CVE-2025-59932 FlagForgeCTF Unauthenticated Resource Modification/Deletion

Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previously allowed POST and DELETE requests without proper authentication or authorization. This could have enabled unauthorized users to create, modify, or delete resources on the...

CVSS: 8.6 | AI score: 6.5 | EPSS: 0.0035
Exploits: 0 | References: 1
CVE
added 2025/09/27 12:51 a.m. | 17 views

CVE-2025-59932

Summary: CVE-2025-59932 affects Flag Forge (FlagForgeCTF). From versions 2.0.0 up to before 2.3.1, the /api/resources endpoint allowed POST and DELETE requests without proper authentication or authorization, enabling unauthorized users to create, modify, or delete resources. The issue has been fi...

CVSS: 8.6 | AI score: 6.5 | EPSS: 0.0035
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2025/09/26 4:3 p.m. | 9 views

CVE-2025-59843 FlagForgeCTF Exposes User Emails via Public /api/user/[username] API

Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.2, the public endpoint /api/user/username returns user email addresses in its JSON response. The fix, intended for release in 2.3.1 but only available starting in version 2.3.2, removes email addresses from public AP...

CVSS: 6.9 | EPSS: 0.00395
Exploits: 0 | References: 4
Vulnrichment
added 2025/09/23 8:26 p.m. | 2 views

CVE-2025-59826 FlagForgeCTF Vulnerable to Unauthorized Problem Creation

Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, non-admin users can create arbitrary challenges, potentially introducing malicious, incorrect, or misleading content. This issue has been patched in version 2.2.0...

CVSS: 7.6 | AI score: 6.6 | EPSS: 0.0021
Exploits: 0 | References: 1