Dogukanurker Flaskblog

10 CVEs affecting Dogukanurker Flaskblog. Latest disclosed: 2025-08-19. Critical: 1, High: 0.

Top CVEs affecting Dogukanurker Flaskblog
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2025-28104 | Critical | 9.1 | 2025-04-21 | Incorrect access control in flaskBlog v2.6.1 allows attackers to access all usernames via a crafted input. |
| CVE-2025-55737 | Medium | 6.5 | 2025-08-19 | flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when deleting a comment, there's no validation of the ownership of the comment. Every user can… |
| CVE-2025-55736 | Medium | 6.5 | 2025-08-19 | flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, an arbitrary user can change his role to "admin", giving its relative privileges (e.g. delete u… |
| CVE-2025-55734 | Medium | 6.5 | 2025-08-19 | flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, the code checks if the userRole is "admin" only when visiting the /admin page, but not when vis… |
| CVE-2025-28101 | Medium | 6.5 | 2025-04-17 | An arbitrary file deletion vulnerability in the /post/{postTitle} component of flaskBlog v2.6.1 allows attackers to delete article titles created by other user… |
| CVE-2024-22414 | Medium | 6.5 | 2024-01-17 | flaskBlog is a simple blog app built with Flask. Improper storage and rendering of the `/user/<user>` page allows a user's comments to execute arbitrary javasc… |
| CVE-2025-28103 | Medium | 6.4 | 2025-04-21 | Incorrect access control in flaskBlog v2.6.1 allows attackers to arbitrarily delete user accounts via a crafted request. |
| CVE-2025-28102 | Medium | 6.1 | 2025-04-21 | A cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into th… |
| CVE-2025-55735 | Medium | 5.4 | 2025-08-19 | flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when creating a post, there's no validation of the content of the post stored in the variable "… |
| CVE-2025-53631 | Medium | 5.4 | 2025-08-14 | flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST requests to /createpost leads… |