1. SQL Injection Vulnerability in Flask Routes Exposes Student Database Search
A high-severity SQL injection vulnerability has been identified in the application's search functionality, allowing attacker-controlled input to be concatenated directly into database queries. The flaw resides in `app/routes.py` at line 34, where user-provided search parameters from the 'q' query string are embedded in...