Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-15034 |
|
Cross-Site Request Forgery (CSRF) in flask (CVE-2026-15034)
vulnerability in flask (CVE-2026-15034). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-49471 |
|
Vulnerability in flask (CVE-2026-49471)
vulnerability in flask (CVE-2026-49471). Successful exploitation can lead to full system takeover. Exploitable via `Host header`.
|
| CVE-2026-12046 |
|
Vulnerability in flask (CVE-2026-12046)
vulnerability in flask (CVE-2026-12046). Successful exploitation can lead to full system takeover. Exploitable via `DELETE /sqleditor/close/`.
|
| CVE-2026-42489 |
|
Vulnerability in flask (CVE-2026-42489)
vulnerability in flask (CVE-2026-42489). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42490 |
|
Vulnerability in flask (CVE-2026-42490)
vulnerability in flask (CVE-2026-42490). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45561 |
|
SSRF (Server-Side Request Forgery) in flask (CVE-2026-45561)
SSRF in flask (CVE-2026-45561). Confidential information can be exposed externally.
|
| CVE-2026-41522 |
|
Vulnerability in flask (CVE-2026-41522)
vulnerability in flask (CVE-2026-41522). Risk of unauthorized operations or information disclosure. Exploitable via ``case.iocs``. Mitigation: upgrade to `2.4.28` or later.
|
| CVE-2026-42999 |
|
Vulnerability in keystone (CVE-2026-42999)
vulnerability in keystone (CVE-2026-42999). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `29.0.2` or later.
|
| CVE-2026-48544 |
|
Path Traversal in taipy (CVE-2026-48544)
path traversal in taipy (CVE-2026-48544). Confidential information can be exposed externally.
|
| CVE-2026-2652 |
|
Vulnerability in mlflow (CVE-2026-2652)
vulnerability in mlflow (CVE-2026-2652). Data can be tampered with by attackers. Mitigation: upgrade to `3.10.0` or later.
|
| CVE-2026-45306 |
|
Vulnerability in pyload-ng (CVE-2026-45306)
vulnerability in pyload-ng (CVE-2026-45306). Confidential information can be exposed externally. Exploitable via `GET /files/get/`.
|
| CVE-2026-41255 |
|
Cross-Site Request Forgery (CSRF) in ckan (CVE-2026-41255)
vulnerability in ckan (CVE-2026-41255). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `2.11.5` or later.
|
| CVE-2026-7820 |
|
Vulnerability in pgadmin4 (CVE-2026-7820)
vulnerability in pgadmin4 (CVE-2026-7820). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.15` or later.
|
| CVE-2026-44338 |
|
Vulnerability in PraisonAI (CVE-2026-44338)
vulnerability in PraisonAI (CVE-2026-44338). Risk of unauthorized operations or information disclosure. Exploitable via `POST /chat`. Mitigation: upgrade to `4.6.34` or later.
|
| CVE-2026-34531 |
|
Authentication Bypass in Flask-HTTPAuth (CVE-2026-34531)
authentication bypass in Flask-HTTPAuth (CVE-2026-34531). Data can be tampered with by attackers. Exploitable via ``token``. Mitigation: upgrade to `4.8.1` or later.
|
| CVE-2016-10516 |
|
Cross-Site Scripting (XSS) in flask (CVE-2016-10516)
cross-site scripting in flask (CVE-2016-10516). Risk of unauthorized operations or information disclosure.
|