| CVE | Vendors | Products | Updated | CVSS v3.1 |
| The Atom02/flask-mvc repository through 2020-09-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| The AFDudley/equanimity repository through 2014-04-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| The sergeKashkin/Simple-RAT repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| The iedadata/usap-dc-website repository through 1.0.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| The idayrus/evoting repository before 2022-05-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| The ganga-devs/ganga repository before 8.5.10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| The cheo0/MercadoEnLineaBack repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| The ChangeWeDer/BaiduWenkuSpider_flaskWeb repository before 2021-11-29 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| The operatorequals/wormnest repository through 0.4.7 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| The ChaoticOnyx/OnyxForum repository before 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. |
| In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions. |
| Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256. |
| LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS. |
| LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS. |
| LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access. |
| LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS. |
| LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS. |
| LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS. |