CTFd
Products
1- 7 CVEs
Recent CVEs
7| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-30345 | Hig | 0.49 | 7.5 | 0.00 | Mar 18, 2026 | A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attackers to write arbitrary files outside the intended directories via supplying a crafted import. | ||
| CVE-2024-46242 | Hig | 0.49 | 7.5 | 0.01 | Jan 7, 2025 | An issue in the validate_email function in CTFd/utils/validators/__init__.py of CTFd 3.7.3 allows attackers to cause a Regular expression Denial of Service (ReDoS) via supplying a crafted string as e-mail address during registration. | ||
| CVE-2024-11717 | Med | 0.41 | — | 0.01 | Jan 2, 2025 | Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter and they are not single use, which means, that during token expiration time an on-path attacker might… | ||
| CVE-2025-23001 | Med | 0.40 | 6.1 | 0.00 | Jan 31, 2025 | A Host header injection vulnerability exists in CTFd 3.7.5, due to the application failing to properly validate or sanitize the Host header. An attacker can manipulate the Host header in HTTP requests, which may lead to phishing attacks, reset password, or cache poisoning. NOTE:… | ||
| CVE-2024-11716 | Med | 0.35 | — | 0.12 | Jan 2, 2025 | While assignment of a user to a team (bracket) in CTFd should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset it's bracket and then pick a new one, joining another team while a competition is already ongoing.… | ||
| CVE-2024-42988 | Med | 0.21 | 4.3 | 0.00 | Oct 9, 2024 | Lack of access control in ChallengeSolves (/api/v1/challenges//solves) of CTFd v2.0.0 - v3.7.2 allows authenticated users to retrieve a list of users who have solved the challenge, regardless of the Account Visibility settings. The issue is fixed in v3.7.3+. | ||
| CVE-2020-7245 | Cri | 0.00 | 9.8 | 0.01 | Jan 23, 2020 | Incorrect username validation in the registration process of CTFd v2.0.0 - v2.2.2 allows an attacker to take over an arbitrary account if the username is known and emails are enabled on the CTFd instance. To exploit the vulnerability, one must register with a username identical… |
- risk 0.49cvss 7.5epss 0.00
A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attackers to write arbitrary files outside the intended directories via supplying a crafted import.
- risk 0.49cvss 7.5epss 0.01
An issue in the validate_email function in CTFd/utils/validators/__init__.py of CTFd 3.7.3 allows attackers to cause a Regular expression Denial of Service (ReDoS) via supplying a crafted string as e-mail address during registration.
- risk 0.41cvss —epss 0.01
Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter and they are not single use, which means, that during token expiration time an on-path attacker might…
- risk 0.40cvss 6.1epss 0.00
A Host header injection vulnerability exists in CTFd 3.7.5, due to the application failing to properly validate or sanitize the Host header. An attacker can manipulate the Host header in HTTP requests, which may lead to phishing attacks, reset password, or cache poisoning. NOTE:…
- risk 0.35cvss —epss 0.12
While assignment of a user to a team (bracket) in CTFd should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset it's bracket and then pick a new one, joining another team while a competition is already ongoing.…
- risk 0.21cvss 4.3epss 0.00
Lack of access control in ChallengeSolves (/api/v1/challenges//solves) of CTFd v2.0.0 - v3.7.2 allows authenticated users to retrieve a list of users who have solved the challenge, regardless of the Account Visibility settings. The issue is fixed in v3.7.3+.
- risk 0.00cvss 9.8epss 0.01
Incorrect username validation in the registration process of CTFd v2.0.0 - v2.2.2 allows an attacker to take over an arbitrary account if the username is known and emails are enabled on the CTFd instance. To exploit the vulnerability, one must register with a username identical…