This page collects WhisperX intelligence signals tagged #flask. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical security misconfiguration has been flagged in a Python Flask application, where the `app.run()` command is executed at the top level of the script. This pattern bypasses the standard `if __name__ == '__main__':` guard, creating a direct risk of the development server starting unintentionally when the module ...
A critical security flaw has been automatically flagged in a public GitHub repository, exposing a web application to potential remote code execution. The vulnerability, detected by GitHub's CodeQL Security Analysis, centers on a Flask application running in debug mode within the `main.py` file of the 'The-Unsecure-PWA'...
A recent automated security audit of the intentionally vulnerable Flask WebGoat application has uncovered 18 critical vulnerabilities, exposing a stark demonstration of common security failures. The audit, dated March 28, 2026, identified severe risks across multiple OWASP Top 10 categories, including SQL injection, re...
A recent automated security audit of the Flask-WebGoat project has flagged a staggering seven critical vulnerabilities, exposing the intentionally vulnerable educational application to severe security risks. The audit summary reveals a total of 16 findings, including four high-severity and three medium-severity issues,...
A recent automated security audit of the Flask-WebGoat project has flagged a staggering seven critical vulnerabilities, exposing the intentionally vulnerable educational application to severe security risks. The audit, dated March 30, 2026, reveals a foundational dependency stack riddled with outdated and exploitable c...
A critical security vulnerability has been exposed in a Flask application, where a hardcoded secret key is embedded directly in the source code. The exposure, flagged as a high-severity issue, centers on line 19 of the `app.py` file, which contains the insecure assignment `app.secret_key = "super_secret_key_1234"`. Thi...
A direct path traversal vulnerability in the Orchard project's file download endpoint allows attackers to read arbitrary files from the server's filesystem. The flaw is located in the `download_file()` function within `app/orchard/controllers.py`, which takes a user-supplied filename parameter and passes it directly to...
A critical code hygiene failure in a Flask application creates a hidden security maintenance trap. A developer has embedded a massive, approximately 300-line HTML template directly as a raw string within the `app.py` file. This inline template dangerously duplicates the functionality and content of the primary `index.h...
A critical security vulnerability has been identified in a Flask application, exposing it to potential session hijacking and user impersonation attacks. The application's secret key, used for cryptographically signing session cookies, is hardcoded directly into the source code file `app.py` on line 20. This fundamental...
A high-severity SQL injection vulnerability has been identified in the application's search functionality, allowing attacker-controlled input to be concatenated directly into database queries. The flaw resides in `app/routes.py` at line 34, where user-provided search parameters from the 'q' query string are embedded in...
A critical SQL injection vulnerability has been identified in the route handler logic of a Flask-based web application, exposing the system to potential unauthorized database manipulation. The flaw, classified under CWE-89, exists within the search functionality where user-supplied input flows directly into raw SQL que...
Security researchers have identified a broken access control vulnerability in Apache Superset, the widely deployed open-source business intelligence platform. The flaw, classified under OWASP A01:2021, stems from API endpoints missing required @has_access permission decorators, potentially allowing unauthorized users t...
A session handling flaw in Flask versions through 2.3.3 introduces the risk of cache-related data leakage for web applications deployed behind certain caching proxies. The vulnerability, tracked as CVE-2026-27205, stems from incomplete enforcement of the `Vary: Cookie` HTTP header when the session object is accessed us...
A critical security flaw in Apache Superset persists in production environments, despite a prior patch addressing a similar vulnerability. The issue centers on a hardcoded fallback `SECRET_KEY` value—'thisismysecretkey'—shipped within `superset/config.py`. Security researchers warn that deployments failing to override ...