daniele_m/cve-list

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-57563 ↗	Oct 14, 2025Tuesday, 14 October 2025, 18:15	6.5 MEDIUM	—
A path traversal in StarNet Communications Corporation FastX v.4 through v4.1.51 allows unauthenticated attackers to read arbitrary files.
CVE-2025-57618 ↗	Oct 14, 2025Tuesday, 14 October 2025, 18:15	7.3 HIGH	—
A path traversal vulnerability in FastX3 thru 3.3.67 allows an unauthenticated attacker to read arbitrary files on the server. By leveraging this vulnerability, it is possible to access the application's configuration files, which contain the secret key used to sign JSON Web Tokens as well as existing JTIs. With this information, an attacker can forge valid JWTs, impersonate the root user, and achieve remote code execution in privileged context via authenticated endpoints.
CVE-2023-52288 ↗	Jan 13, 2024Saturday, 13 January 2024, 04:15	7.5 HIGH	—
An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a GET request to a /resource-data/<file_path>.txt URI (from views.py), allows attackers to read arbitrary files.
CVE-2023-52289 ↗	Jan 13, 2024Saturday, 13 January 2024, 04:15	7.5 HIGH	—
An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/<file_path> URI (from views.py), allows attackers to write to arbitrary files.