8 matches found
EUVD-2025-20241
Malicious code in bioql PyPI...
CVE-2025-43931
flask-boilerplate through a170e7c allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header...
CVE-2025-43931
flask-boilerplate through a170e7c allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header...
CVE-2025-43931
flask-boilerplate through a170e7c allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header...
CVE-2025-43931
CVE-2025-43931 affects Flask-Boilerplate up to code revision a170e7c. The root cause is an unconfigured SERVER_NAME, causing the password reset flow to rely on the Host header and enabling account takeover. The CVSS v3.1 metrics indicate a critical risk (9.8) with network attack vector, low attac...
CVE-2025-43931
flask-boilerplate through a170e7c allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header...
flask-boilerplate security vulnerability
flask-boilerplate is a Boilerplate template for Python Flask applications open-sourced by Real Python. A security vulnerability exists in version a170e7c of flask-boilerplate, which stems from an improperly configured password reset feature that could lead to account takeover...
PT-2025-28174 · Pypi · Flask-Boilerplate
Name of the Vulnerable Software and Affected Versions: flask-boilerplate versions through a170e7c Description: The issue allows account takeover via the password reset feature. This is because the SERVER_NAME is not configured, and thus the password reset depends on the Host HTTP header...