8 matches found
EUVD-2025-20241
Malicious code in bioql PyPI...
CVE-2025-43931
flask-boilerplate through a170e7c allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header...
CVE-2025-43931
flask-boilerplate through a170e7c allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header...
CVE-2025-43931
CVE-2025-43931 affects Flask-Boilerplate up to code revision a170e7c. The root cause is an unconfigured SERVER_NAME, causing the password reset flow to rely on the Host header and enabling account takeover. The CVSS v3.1 metrics indicate a critical risk (9.8) with network attack vector, low attac...
PT-2025-28174 · Pypi · Flask-Boilerplate
Name of the Vulnerable Software and Affected Versions: flask-boilerplate versions through a170e7c. Description: The issue allows account takeover via the password reset feature. This is because SERVER_NAME is not configured, and thus the password reset depends on the Host HTTP header...
CVE-2025-43931
flask-boilerplate through a170e7c allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header...
CVE-2025-43931
flask-boilerplate through a170e7c allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header...
flask-boilerplate security vulnerability
flask-boilerplate is a Boilerplate template for Python Flask applications open-sourced by Real Python. A security vulnerability exists in version a170e7c of flask-boilerplate, which stems from an improperly configured password reset feature that could lead to account takeover...