CVE-2025-58065

Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface...

CVE-2025-58065

Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface...

GHSA-765J-9R45-W2Q2 Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods

Impact When Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface. This allows an enabled user to reset their password and be able to create...

File upload vulnerability in H-ui.admin

H-ui front-end framework is a lightweight front-end framework. A file upload vulnerability exists in H-ui.admin, which can be exploited by attackers to gain control of a web server...