GHSA-MCVF-JXCW-VJ73 CKAN has CSRF exemption primed by anonymous requests
Views can be marked as exempt from CSRF protection. Access to a view via an API token or an unauthenticated request marked the endpoint as not requiring CSRF protection. The marking was a member variable of flask-wtf.csrf.CSRFProtect, which was stored as a module-level variable in the flaskapp...
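The bug class the advisory describes, reduced to a runnable model. This is an added example, not CKAN's or flask-wtf's code: `Request`, `PrimedCsrfGuard`, `PerRequestCsrfGuard` and `run_scenario` are hypothetical names, and the auth modes are assumed. It shows a CSRF exemption that is recorded on a shared module-level object after a token-authenticated or anonymous request, so that a later cookie-session request to the same view skips the check, beside a guard that decides from the current request only.

```python
"""Model of a CSRF exemption "primed" by an earlier request (added example)."""
from dataclasses import dataclass


@dataclass
class Request:
    view: str
    method: str
    auth: str            # assumed modes: "cookie", "token" or "anonymous"
    csrf_token_ok: bool  # a valid CSRF token accompanied the request


class PrimedCsrfGuard:
    """Vulnerable shape: the exemption set lives on one guard instance that
    the application holds at module level and shares across requests."""

    def __init__(self):
        self.exempt_views = set()   # persists across requests: the bug

    def protect(self, req: Request) -> bool:
        # A token or anonymous request carries no session cookie, so CSRF
        # does not apply to it.  Recording that decision on the shared
        # instance "primes" the view as exempt for every request that follows.
        if req.auth in ("token", "anonymous"):
            self.exempt_views.add(req.view)
        if req.view in self.exempt_views:
            return True          # exempt: request passes without a token
        return req.method == "GET" or req.csrf_token_ok


class PerRequestCsrfGuard:
    """Hardened shape: only views registered as exempt at startup are
    skipped; everything else is decided from the current request alone."""

    def __init__(self, static_exempt=()):
        self.static_exempt = frozenset(static_exempt)

    def protect(self, req: Request) -> bool:
        if req.view in self.static_exempt or req.method == "GET":
            return True
        if req.auth == "token":
            return True          # a bearer token is not an ambient credential
        return req.csrf_token_ok  # cookie session or anonymous form: token required


def run_scenario(guard) -> list:
    """Replay the attack: (1) an API client calls the view with a token,
    (2) a forged cookie-authenticated POST from a malicious page follows."""
    priming = Request("dataset.delete", "POST", "token", csrf_token_ok=False)
    forged = Request("dataset.delete", "POST", "cookie", csrf_token_ok=False)
    return [guard.protect(priming), guard.protect(forged)]
```

`run_scenario(PrimedCsrfGuard())` returns `[True, True]`: the forged request is accepted because the first request flipped shared state. `run_scenario(PerRequestCsrfGuard())` returns `[True, False]`. The check to carry over to real code: any CSRF object created once per process must keep no per-request decision in its instance attributes.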
SafeVault
SafeVault - Security and Authentication Capstone Project A pr...
Security Bulletin: IBM Maximo Application Suite uses flask-3.1.2-py3-none-any.whl which is vulnerable to CVE-2026-27205.
Summary IBM Maximo Application Suite uses flask-3.1.2-py3-none-any.whl which is vulnerable to CVE-2026-27205. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID: CVE-2025-5889 DESCRIPTION: A vulnerability was found in juliangruber...
CVE-2026-34531
Flask-HTTPAuth provides Basic, Digest and Token HTTP authentication for Flask routes. Prior to version 4.8.1, in a situation where the client makes a request to a token-protected resource without passing a token, or passing an empty token, Flask-HTTPAuth would invoke the application's token...
CVE-2026-34531
CVE-2026-34531 affects Flask-HTTPAuth (Python package) and concerns the token verification callback receiving an empty string when a request targets a token-protected resource without a token or with an empty token. This could allow authentication against any user whose token is an empty string. ...
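The condition both CVE-2026-34531 entries describe, modelled as an added example (not Flask-HTTPAuth's code): a token callback that is invoked with an empty string when the Authorization header is missing or carries an empty bearer token, and a user table in which one account happens to have an empty token. `USERS_BY_TOKEN`, `extract_token`, the two `verify_token_*` callbacks and `authenticate` are constructed for this demonstration.

```python
"""Empty-token authentication: vulnerable lookup beside a guarded one."""
from typing import Optional

# Constructed user table.  "svc-legacy" has an empty token, e.g. a row
# created before tokens were issued or a column whose default is "".
USERS_BY_TOKEN = {
    "tok-a1b2c3": "alice",
    "": "svc-legacy",
}


def extract_token(headers: dict) -> str:
    """Mimic a scheme that yields "" for a missing or empty bearer token."""
    auth = headers.get("Authorization", "")
    scheme, _, token = auth.partition(" ")
    if scheme.lower() != "bearer":
        return ""
    return token.strip()


def verify_token_vulnerable(token: str) -> Optional[str]:
    # Typical application callback: direct lookup, no guard for "".
    return USERS_BY_TOKEN.get(token)


def verify_token_hardened(token: str) -> Optional[str]:
    # Refuse empty or missing tokens before any lookup, independent of
    # whether the library ever calls the callback with "".
    if not token:
        return None
    return USERS_BY_TOKEN.get(token)


def authenticate(headers: dict, verify) -> Optional[str]:
    """Hypothetical request flow: return the authenticated user or None."""
    token = extract_token(headers)
    return verify(token) or None
```

With no Authorization header, `authenticate({}, verify_token_vulnerable)` returns `"svc-legacy"`; the hardened callback returns `None`. Upgrading to 4.8.1 or later addresses the library side; the app-side guard is still worth keeping, and so is a check that no stored token is empty, because any callback that can map `""` to a user is one bug away from the same outcome.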
GHSA-7432-952R-CW78 Authlib Vulnerable to JWE RSA1_5 Bleichenbacher Padding Oracle
Executive Summary A cryptographic padding oracle vulnerability was identified in the Authlib Python library concerning the implementation of the JSON Web Encryption (JWE) RSA1_5 key management algorithm. Authlib registers RSA1_5 in its default algorithm registry without requiring explicit opt-in,...
Web_vuln_scanner
Webvulnscanner A simple web-based vulnerabil...
SUSE CVE-2026-27205
Flask is a web server gateway interface (WSGI) web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header but did not always do so, resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs caches not to cache...
CVE-2026-27205
Flask is a web server gateway interface (WSGI) web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header but did not always do so, resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs caches not to cache...
UBUNTU-CVE-2026-27205
Flask is a web server gateway interface (WSGI) web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie header but did not always do so, resulting in a Use of Cache Containing Sensitive Information vulnerability. The logic instructs caches not to cache...
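Why a missing Vary: Cookie header on a session-dependent response becomes a cache disclosure, shown with a minimal shared-cache model. This is an added example, not Flask's code: `render_account`, the request/response dicts and `SharedCache` are constructed for the demonstration, and the keying follows the general Vary rule (simplified from RFC 9111) rather than any particular proxy's behaviour.

```python
"""Shared cache honouring Vary: with and without "Vary: Cookie"."""


def render_account(request: dict, vary_on_cookie: bool) -> dict:
    """Hypothetical session-backed view: the body depends on the session cookie."""
    user = request.get("cookie", {}).get("session", "anonymous")
    headers = {"Cache-Control": "public, max-age=60"}   # cacheable on purpose
    if vary_on_cookie:
        headers["Vary"] = "Cookie"
    return {"headers": headers, "body": f"Hello {user}"}


class SharedCache:
    """One cache in front of many users, e.g. a CDN or reverse proxy."""

    def __init__(self):
        self.store = {}   # url -> list of stored response variants

    @staticmethod
    def _key(request: dict, vary: str) -> tuple:
        # Secondary key: the URL plus the value of every request field
        # named in the stored response's Vary header.
        parts = [request["url"]]
        for field in (f.strip().lower() for f in vary.split(",") if f.strip()):
            if field == "cookie":
                parts.append(tuple(sorted(request.get("cookie", {}).items())))
            else:
                parts.append(request.get("headers", {}).get(field))
        return tuple(parts)

    def fetch(self, request: dict, origin) -> dict:
        for resp in self.store.get(request["url"], []):
            vary = resp["headers"].get("Vary", "")
            if self._key(request, vary) == resp["_key"]:
                return resp                       # cache hit
        resp = origin(request)                    # cache miss: ask the app
        resp["_key"] = self._key(request, resp["headers"].get("Vary", ""))
        self.store.setdefault(request["url"], []).append(resp)
        return resp


def scenario(vary_on_cookie: bool) -> list:
    """Alice loads /account first; Bob loads it through the same cache."""
    cache = SharedCache()
    origin = lambda req: render_account(req, vary_on_cookie)
    alice = {"url": "/account", "cookie": {"session": "alice"}}
    bob = {"url": "/account", "cookie": {"session": "bob"}}
    return [cache.fetch(alice, origin)["body"], cache.fetch(bob, origin)["body"]]
```

`scenario(False)` returns `["Hello alice", "Hello alice"]`: Bob receives Alice's page. `scenario(True)` returns `["Hello alice", "Hello bob"]`. Vary: Cookie is the minimum; for responses that embed session data, `Cache-Control: private` (or `no-store`) is the stronger control because it stops shared caches from storing the response at all, and it is worth verifying at the edge rather than trusting the framework to emit the header.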
Snitch__Scan
PoC exploit for XSS Vulnerability Scanner. This tool is designed...
OWASP-Lite-Scanner
OWASP-Lite-Scanner OWASP-Lite Scanner: A Flask-ba...
XSS-Scanner-cross-site-scanning-
Basic XSS Lab Local — Flask + CLI Scanner Quick start W...
EUVD-2023-0080
Malicious code in bioql PyPI...
ROS-20250912-09
A vulnerability in the implementation of the CORS mechanism of the PyPI Python package repository is related to access control flaws. Exploitation of the vulnerability could allow a remote attacker to disclose protected information...
CVE-2025-57633
A command injection vulnerability in FTP-Flask-python through 5173b68 allows unauthenticated remote attackers to execute arbitrary OS commands. The /ftp.html endpoint's "Upload File" action constructs a shell command from the ftpfile parameter and executes it using os.system without sanitization ...
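The CVE-2025-57633 pattern (a shell command assembled from the request's `ftpfile` parameter and handed to `os.system`) beside a hardened version, as an added example that is not FTP-Flask-python's code. The `cp` command template and the staging and destination directories are assumptions for the demo; the point is the difference between string interpolation into a shell line and an argv list that no shell ever parses.

```python
"""Command injection via os.system string building, and two fixes."""
import os
import re
import shlex
import subprocess

STAGING_DIR = "/srv/ftp/staging"    # assumed: where the upload lands first
UPLOAD_DIR = "/srv/ftp/incoming"    # assumed: final destination


def build_upload_command_vulnerable(ftpfile: str) -> str:
    # The parameter is spliced into a shell string; `;`, `|`, `$(...)` and
    # friends inside ftpfile are interpreted when os.system() runs it via sh.
    return f"cp {STAGING_DIR}/{ftpfile} {UPLOAD_DIR}/"


def build_upload_command_quoted(ftpfile: str) -> str:
    # If a shell is unavoidable, shlex.quote turns the path into one word.
    return f"cp {shlex.quote(f'{STAGING_DIR}/{ftpfile}')} {UPLOAD_DIR}/"


SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")


def is_safe_name(ftpfile: str) -> bool:
    # Allow-list: alphanumeric first character, then a tight character set.
    # That excludes "/", ".." and a leading "-" (option injection) as well
    # as every shell metacharacter.
    return SAFE_NAME.fullmatch(ftpfile) is not None


def build_upload_argv(ftpfile: str) -> list:
    if not is_safe_name(ftpfile):
        raise ValueError(f"rejected file name: {ftpfile!r}")
    # "--" ends option parsing so even a validated name cannot become a flag.
    return ["cp", "--", os.path.join(STAGING_DIR, ftpfile), UPLOAD_DIR + "/"]


def upload(ftpfile: str) -> None:
    # shell=False is the default: argv goes straight to execve, no /bin/sh.
    subprocess.run(build_upload_argv(ftpfile), check=True)
```

For the input `a.txt; id`, the vulnerable builder yields `cp /srv/ftp/staging/a.txt; id /srv/ftp/incoming/`, which a shell runs as two commands. The quoted form keeps the whole path as one argument, and the argv form refuses the name outright; in a review, the thing to look for is any `os.system`, `subprocess.*(..., shell=True)` or `Popen` with a string argument that includes request data.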
Cross-site Scripting (XSS)
Overview pywa is a library for building WhatsApp bots in Python (Fast, Effortless, Powerful). Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the webhook challenge and update handlers in the Flask and FastAPI webhook endpoints. An attacker can execute malicious scripts in...
TencentOS Server 4: python-flask (TSSA-2025:0162)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0162 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Security Bulletin: IBM Maximo Application Suite Predict Component : Flask is a web server gateway interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used.
Summary IBM Maximo Application Suite Predict Component uses Flask, a web server gateway interface (WSGI) web application framework, in version 3.1.0. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID: CVE-2025-4727...
Alibaba Cloud Linux 3 : 0008: python-flask (ALINUX3-SA-2024:0008)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0008 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-30861: Flask is a lightweight WSGI web...