55 matches found
EUVD-2025-12361
Malicious code in bioql PyPI...
EUVD-2025-28607
Malicious code in bioql PyPI...
EUVD-2025-28608
Malicious code in bioql PyPI...
EUVD-2025-14828
Malicious code in bioql PyPI...
CVE-2025-55735
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when creating a post, there's no validation of the content of the post stored in the variable "postContent". The vulnerability arises when displaying the content of the post using the | safe filter, that tells the engine to not escap...
CVE-2025-55737
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when deleting a comment, there's no validation of the ownership of the comment. Every user can delete an arbitrary comment of another user on every post, by simply intercepting the delete request and changing the commentID. The code...
CVE-2025-55737
CVE-2025-55737 affects flaskBlog versions prior to 2.8.0. The root cause is missing ownership validation when deleting comments, enabling any user to delete another user’s comment by intercepting the delete request and altering the commentID in routes/post.py. Documents consistently describe the ...
CVE-2025-55737 flaskBlog arbitrary comment delete
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when deleting a comment, there's no validation of the ownership of the comment. Every user can delete an arbitrary comment of another user on every post, by simply intercepting the delete request and changing the commentID. The code...
CVE-2025-55736 flaskBlog allows arbitrary privilege escalation
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, an arbitrary user can change their role to "admin", gaining its associated privileges, e.g. deleting users, posts, and comments. The problem is in the routes/adminPanelUsers file...
CVE-2025-55735
CVE-2025-55735 affects flaskBlog (Python/Flask) up to version 2.8.0. The stored XSS vulnerability arises from unvalidated postContent content rendered with the Jinja2 | safe filter in template/routes.html, which disables escaping. Impact is stored XSS within post content. Remediation: upgrade fla...
CVE-2025-55735 flaskBlog Stored XSS Vulnerability
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when creating a post, there's no validation of the content of the post stored in the variable "postContent". The vulnerability arises when displaying the content of the post using the | safe filter, that tells the engine to not escap...
CVE-2025-55734 flaskBlog Authorization Bypass
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, the code checks if the userRole is "admin" only when visiting the /admin page, but not when visiting its subroutes. Specifically, only the file routes/adminPanel.py checks the user role when a user is trying to access the admin page,...
FlaskBlog security vulnerability
FlaskBlog is a simple blogging application built using Flask by Doğukan Ürker, an individual developer. A security vulnerability exists in FlaskBlog 2.8.0 and earlier versions, which stems from unvalidated comment ownership that could lead to arbitrary deletion of comments...
FlaskBlog security vulnerability
FlaskBlog is a simple blogging application built using Flask by Doğukan Ürker, an individual developer. A security vulnerability exists in FlaskBlog 2.8.0 and earlier versions, which stems from the fact that an arbitrary user may be elevated to the administrator role...
FlaskBlog security vulnerability
FlaskBlog is a simple blogging application built using Flask by Doğukan Ürker, an individual developer. A security vulnerability exists in FlaskBlog 2.8.0 and earlier versions that stems from unchecked user roles and could lead to bypassing access control...
FlaskBlog security vulnerability
FlaskBlog is a simple blogging application built using Flask by Doğukan Ürker, an individual developer. A security vulnerability exists in FlaskBlog 2.8.0 and earlier versions, which stems from unvalidated post content that could lead to stored cross-site scripting...