Product
dogukanurker flaskblog
10 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-55737
CVE-2025-55736
CVE-2025-55735
CVE-2025-55734
CVE-2025-53631
CVE-2025-28104
CVE-2025-28103
CVE-2025-28102
CVE-2025-28101
CVE-2024-22414
<= 2.8.0
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when deleting a comment, there's no validation of the ownership of
<= 2.8.0
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, an arbitrary user can change his role to "admin", giving its relat
<= 2.8.0
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when creating a post, there's no validation of the content of the
<= 2.8.0
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, the code checks if the userRole is "admin" only when visiting the
<= 2.8.1
flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST r
all versions
Incorrect access control in flaskBlog v2.6.1 allows attackers to access all usernames via a crafted input.
all versions
Incorrect access control in flaskBlog v2.6.1 allows attackers to arbitrarily delete user accounts via a crafted request.
all versions
A cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 allows attackers to execute arbitrary web scripts or HTML via a cra
all versions
An arbitrary file deletion vulnerability in the /post/{postTitle} component of flaskBlog v2.6.1 allows attackers to delete article
<= 1.1.0
flaskBlog is a simple blog app built with Flask. Improper storage and rendering of the /user/<user> page allows a user's comment