exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 3

CVE-2026-27641

около 1 месяца назад

Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions prior to 1.5.0 allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection (SSTI). Flask-Reuploaded has been patched in version 1.5.0. Some workarounds are available. Do not pass user input to the `name` parameter, use auto-generated filenames only, and implement strict input validation if `name` must be used.

CVSS3: 9.8

EPSS: Низкий

CVE-2026-27641

около 1 месяца назад

Flask-Reuploaded provides file uploads for Flask. A critical path trav ...

CVSS3: 9.8

EPSS: Низкий

GHSA-65mp-fq8v-56jr

около 1 месяца назад

Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection

CVSS3: 9.8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2026-27641 Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vulnerability in versions prior to 1.5.0 allows remote attackers to achieve arbitrary file write and remote code execution through Server-Side Template Injection (SSTI). Flask-Reuploaded has been patched in version 1.5.0. Some workarounds are available. Do not pass user input to the `name` parameter, use auto-generated filenames only, and implement strict input validation if `name` must be used.	CVSS3: 9.8	0% Низкий	около 1 месяца назад
CVE-2026-27641 Flask-Reuploaded provides file uploads for Flask. A critical path trav ...	CVSS3: 9.8	0% Низкий	около 1 месяца назад
GHSA-65mp-fq8v-56jr Flask-Reuploaded vulnerable to Remote Code Execution via Server-Side Template Injection	CVSS3: 9.8	0% Низкий	около 1 месяца назад

Уязвимостей на страницу