Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: flask Clear
ID Title
CVE-2026-15034 Cross-Site Request Forgery (CSRF) in flask (CVE-2026-15034)
vulnerability in flask (CVE-2026-15034). Risk of unauthorized operations or information disclosure.
CVE-2026-49471 Vulnerability in flask (CVE-2026-49471)
vulnerability in flask (CVE-2026-49471). Successful exploitation can lead to full system takeover. Exploitable via `Host header`.
CVE-2026-12046 Vulnerability in flask (CVE-2026-12046)
vulnerability in flask (CVE-2026-12046). Successful exploitation can lead to full system takeover. Exploitable via `DELETE /sqleditor/close/`.
CVE-2026-42489 Vulnerability in flask (CVE-2026-42489)
vulnerability in flask (CVE-2026-42489). Risk of unauthorized operations or information disclosure.
CVE-2026-42490 Vulnerability in flask (CVE-2026-42490)
vulnerability in flask (CVE-2026-42490). Risk of unauthorized operations or information disclosure.
CVE-2026-45561 SSRF (Server-Side Request Forgery) in flask (CVE-2026-45561)
SSRF in flask (CVE-2026-45561). Confidential information can be exposed externally.
CVE-2026-41522 Vulnerability in flask (CVE-2026-41522)
vulnerability in flask (CVE-2026-41522). Risk of unauthorized operations or information disclosure. Exploitable via ``case.iocs``. Mitigation: upgrade to `2.4.28` or later.
CVE-2026-42999 Vulnerability in keystone (CVE-2026-42999)
vulnerability in keystone (CVE-2026-42999). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `29.0.2` or later.
CVE-2026-48544 Path Traversal in taipy (CVE-2026-48544)
path traversal in taipy (CVE-2026-48544). Confidential information can be exposed externally.
CVE-2026-2652 Vulnerability in mlflow (CVE-2026-2652)
vulnerability in mlflow (CVE-2026-2652). Data can be tampered with by attackers. Mitigation: upgrade to `3.10.0` or later.
CVE-2026-45306 Vulnerability in pyload-ng (CVE-2026-45306)
vulnerability in pyload-ng (CVE-2026-45306). Confidential information can be exposed externally. Exploitable via `GET /files/get/`.
CVE-2026-41255 Cross-Site Request Forgery (CSRF) in ckan (CVE-2026-41255)
vulnerability in ckan (CVE-2026-41255). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.11.5` or later.
CVE-2026-7820 Vulnerability in pgadmin4 (CVE-2026-7820)
vulnerability in pgadmin4 (CVE-2026-7820). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.15` or later.
CVE-2026-44338 Vulnerability in PraisonAI (CVE-2026-44338)
vulnerability in PraisonAI (CVE-2026-44338). Risk of unauthorized operations or information disclosure. Exploitable via `POST /chat`. Mitigation: upgrade to `4.6.34` or later.
CVE-2026-34531 Authentication Bypass in Flask-HTTPAuth (CVE-2026-34531)
authentication bypass in Flask-HTTPAuth (CVE-2026-34531). Data can be tampered with by attackers. Exploitable via ``token``. Mitigation: upgrade to `4.8.1` or later.
CVE-2016-10516 Cross-Site Scripting (XSS) in flask (CVE-2016-10516)
cross-site scripting in flask (CVE-2016-10516). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →