84 matches found
airduct (>=0.1.13 <=0.1.22), aprsd (>=1.6.0 <=3.4.4) +42 more potentially affected by CVE-2026-34531 via flask-httpauth (>=2.5.0 <=4.8.0)
flask-httpauth PYPI version =2.5.0, =0.1.13, =1.6.0, =1.0.5, =0.0.5, =0.5.0, =4.2.6, =1.0.0, =0.0.28, =0.0.0rc24, =1.0.2, =0.2.2, =3.2.0.0, =2.0.0, =0.1.8.1, =2.2.1 and more Source cves: CVE-2026-34531 Source advisory: OSV:GHSA-P44Q-VQPR-4XMG...
EUVD-2022-1461
Malicious code in bioql PyPI...
EUVD-2022-0108
Malicious code in bioql PyPI...
EUVD-2022-1427
Malicious code in bioql PyPI...
EUVD-2022-0107
Malicious code in bioql PyPI...
EUVD-2022-1391
Malicious code in bioql PyPI...
EUVD-2022-1358
Malicious code in bioql PyPI...
CVE-2022-25512
FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys...
CVE-2022-25511
An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system...
CVE-2022-25506
FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser...
CVE-2022-25510
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...
CVE-2022-25507
FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Callsign parameter...
CVE-2022-25508
An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service (DoS) via an unusually large amount of created routes, or create unsafe or false routes for legitimate users...
Information Disclosure
FreeTAKServer-UI is vulnerable to information disclosure. The vulnerability exists because it exposes sensitive API and Websocket keys through the leakage of the RestAPI and Websocket tokens in WebUI...
Privilege Escalation
freetakserver is vulnerable to privilege escalation. The vulnerability exists due to a hardcoded Flask secret key allowing an attacker to create crafted cookies to bypass authentication or escalate privileges...
FreeTAKServer-UI Cross-Site Scripting Vulnerability
FreeTAKServer-UI is an open source FTS web interface from the FreeTAKTeam. FreeTAKServer-UI has a cross-site scripting vulnerability that originates from the Callsign parameter, and no further details are currently available...
FreeTAKServer Trust Management Issue Vulnerability
FreeTAKServer is an open source lightweight server from the FreeTAKTeam team. It is used to connect to TAK clients. FreeTAKServer suffers from a trust management issue vulnerability that stems from the fact that the Flask secret key is hard-coded in three relevant locations, which can be...
FreeTAKServer-UI SQL Injection Vulnerability
FreeTAKServer-UI is an open source FTS web interface from the FreeTAKTeam team. FreeTAKServer-UI is vulnerable to SQL injection, which stems from the API endpoint /AuthenticateUser containing SQL injection into the SQLite3 database, which can be exploited by an attacker to obtain the database All...
FreeTAKServer-UI Information Disclosure Vulnerability
FreeTAKServer-UI is an open source FTS web interface from the FreeTAKTeam. FreeTAKServer-UI has an information disclosure vulnerability that stems from the fact that the WebUI leaks the RestAPI and Websocket tokens in the JavaScript source code, which can be exploited by an attacker to cause a...
FreeTAKServer Access Control Error Vulnerability
FreeTAKServer is an open source lightweight server from the FreeTAKTeam team. It is used to connect to TAK clients. FreeTAKServer suffers from an access control error vulnerability, which stems from the fact that the endpoint /ManageRoute/postRoute can be accessed without authentication, and can be...