146 matches found
Path traversal
The uncleYiba/phototag repository through 2020-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
Path traversal
The dankolbman/travelblahg repository through 2016-01-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
Path traversal
The DSAB-local/DSAB repository through 2019-02-18 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
Path traversal
The olmax99/helm-flask-celery repository before 2022-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
Path traversal
The ChaoticOnyx/OnyxForum repository before 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31587
The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31585
CVE-2022-31585 concerns the umeshpatil-dev/Home__internet repository (through 2020-08-28) where absolute path traversal is possible due to unsafe usage of Flask's send_file. Connected feeds (Red Hat, NVD, CVE lists, CNNVD, PRION, etc.) reiterate the issue as an absolute path traversal vulnerabili...
CVE-2022-31581
CVE-2022-31581 affects the scorelab/OpenMF repository. Affected: OpenMF before 2022-05-03. The issue is an absolute path traversal caused by the unsafe use of Flask’s send_file function. Exploit details, affected versions beyond the stated date, and remediation steps are not provided in the conne...
CVE-2022-31579
The ralphjzhang/iasset repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31575
The duducosmos/livro_python repository through 2018-06-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31575
The CVE-2022-31575 entry concerns the duducosmos/livro_python repository (through 2018-06-06). The vulnerability is an absolute path traversal caused by unsafe use of Flask send_file. Impact is described by NVD CVSS metrics: CVSS v3.1 base score 9.3 (CRITICAL) with network attack vector, no privi...
CVE-2022-31572
CVE-2022-31572 affects the ceee-vip/cockybook repository (through 2015-04-16) where absolute path traversal is possible due to unsafe use of Flask send_file. The issue is described as an insecure file access route that can expose files outside the intended directory. CVSS metrics in the initial r...
CVE-2022-31566
CVE-2022-31566: The DSAB-local/DSAB repository (up to 2019-02-18) suffers an absolute path traversal due to unsafe usage of Flask send_file, enabling access to arbitrary files on the file system. The vulnerability is reflected across multiple feeds (NVD, Red Hat, CNVD, CVE lists) with impact des...
CVE-2022-31562
The CVE-2022-31562 entry is linked to the waveyan/internshipsystem repository prior to 2018-05-22, where an unsafe use of Flask’s send_file enables absolute path traversal. Documented details specify that the vulnerability stems from how send_file is called, allowing traversal of the host filesys...
CVE-2022-31560
The uncleYiba/phototag repository through 2020-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31557
CVE-2022-31557 involves the seveas/golem repository (up to 2016-05-17) where an unsafe use of Flask’s send_file enables absolute path traversal. The issue is documented across multiple sources, indicating a path traversal flaw in that code path. The CVSS data (2.0/3.1) suggests confidentiality im...
CVE-2022-31556
The CVE-2022-31556 entry concerns the rusyasoft/TrainEnergyServer repository (up to 2017-08-03). Affected component: Flask’s send_file usage, which is described as unsafe. Root cause: improper handling in send_file leads to absolute path traversal. Impact stated across sources: potential exposure...
CVE-2022-31553
The rainsoupah/sleep-learner repository through 2021-02-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
CVE-2022-31548
CVE-2022-31548 affects the nrlakin/homepage repository up to 2017-03-06. The root cause is unsafe use of Flask’s send_file, enabling absolute path traversal. This leads to potential unauthorized access to files outside the intended directory, as described across Red Hat and CVE/NVD records. Publi...
CVE-2022-31542
The mandoku/mdweb repository through 2015-05-07 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...