CVE-2026-15034
A vulnerability has been found in flask-dashboard Flask-MonitoringDashboard up to 5.0.2. Affected by this issue is some unknown functionalit
CVSS
4.3
Medio
EPSS
0.2%
p13
KEV
—
Exploit Today
4
0-100
Publicado: 8 jul 2026 · Última mod.: 8 jul 2026 · CWE-352 · CWE-862
0.2%EPSS · 30 días0.2%
2026-07-092026-07-17
A vulnerability has been found in flask-dashboard Flask-MonitoringDashboard up to 5.0.2. Affected by this issue is some unknown functionality. Such manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
- github.comhttps://github.com/flask-dashboard/Flask-MonitoringDashboard/
- github.comhttps://github.com/flask-dashboard/Flask-MonitoringDashboard/issues/557
- vuldb.comhttps://vuldb.com/cve/CVE-2026-15034
- vuldb.comhttps://vuldb.com/submit/850877
- vuldb.comhttps://vuldb.com/submit/850878
- vuldb.comhttps://vuldb.com/submit/850879
- vuldb.comhttps://vuldb.com/submit/850880
- vuldb.comhttps://vuldb.com/vuln/376785
- vuldb.comhttps://vuldb.com/vuln/376785/cti
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2008-41284.3 MED97.6%
KEV—79Cisco IOS Cross-Site Request Forgery Vulnerability4dCVE-2026-277718.2 ALT98.5%
——30Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information.11dCVE-2023-361447.5 ALT98.3%
——30An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration.10dCVE-2021-445958.8 ALT97.3%
——29Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A normal user can send manually crafted packets to the ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges.10dCVE-2019-135298.8 ALT86.2%
——26An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to maintain communication after a successful login, which would increase the ease of exploitation.5dCVE-2020-253669.1 CRÍ82.0%
——25An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors.10d