CVE-2025-28101 — CVSS 6.5 (medium): An arbitrary file deletion vulnerability in the /post/{postTitle} component of flaskBlog v2.6.1 allows attackers to delete article titles…
CVE-2024-22414 — CVSS 6.5 (medium): flaskBlog is a simple blog app built with Flask. Improper storage and rendering of the `/user/<user>` page allows a user's comments to…
CVE-2025-55734 — CVSS 6.5 (medium): flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, the code checks if the userRole is "admin" only when visiting the /admin…
CVE-2025-55736 — CVSS 6.5 (medium): flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, an arbitrary user can change his role to "admin", giving its relative…
CVE-2025-55737 — CVSS 6.5 (medium): flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when deleting a comment, there's no validation of the ownership of the…
CVE-2025-28103 — CVSS 6.4 (medium): Incorrect access control in laskBlog v2.6.1 allows attackers to arbitrarily delete user accounts via a crafted request.
CVE-2025-28102 — CVSS 6.1 (medium): A cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 allows attackers to execute arbitrary web scripts or HTML via a crafted…
CVE-2025-55735 — CVSS 5.4 (medium): flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when creating a post, there's no validation of the content of the post…
CVE-2025-53631 — CVSS 5.4 (medium): flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST requests…