📦 Flagforge
by Flagforge
🛡️ Security Overview
⚠️ Known Vulnerabilities
Flag Forge CTF platform versions 2.0.0 through 2.3.1 have unauthenticated API endpoints that allow unauthorized users to view all badge templates with sensitive metadata and create arbitrary badge tem...
Flag Forge CTF platform versions 2.2.0 through 2.3.0 have a session invalidation vulnerability where authenticated users can continue accessing protected endpoints and CSRF tokens remain valid after l...
This vulnerability in Flag Forge CTF platform allows unauthenticated attackers to create, modify, or delete platform resources via the /api/resources endpoint. It affects all deployments running versi...
In Flag Forge CTF platform version 2.1.0, non-admin users can create arbitrary challenges, allowing them to introduce malicious, incorrect, or misleading content. This affects all deployments running ...
Flag Forge CTF platform versions 2.0.0 through 2.3.1 expose user email addresses through a public API endpoint. This vulnerability allows unauthenticated attackers to harvest email addresses of regist...