Lucene search
K

277 matches found

CVE
CVE
added 2025/05/16 1:51 p.m.175 views

CVE-2025-32962

CVE-2025-32962 affects Flask-AppBuilder before 4.6.2. An unauthenticated attacker can trigger an open redirect by manipulating the HTTP Host header. The root cause is insufficient validation of redirect targets. The advisory notes that Flask-AppBuilder 4.6.2 introduces the FAB_SAFE_REDIRECT_HOSTS...

6.1CVSS4.7AI score0.00191EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/05/16 1:51 p.m.6 views

CVE-2025-32962 Flask-AppBuilder open redirect vulnerability using HTTP host injection

Flask-AppBuilder is an application development framework built on top of Flask. Versions prior to 4.6.2 would allow for a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests. Flask-AppBuilder 4.6.2 introduced the FABSAFEREDIRECTHOSTS...

4.3CVSS6.6AI score0.00191EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/05/16 12:0 a.m.4 views

PT-2025-21650

Name of the Vulnerable Software and Affected Versions: Flask-AppBuilder versions prior to 4.6.2 Description: The issue allows a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests. Flask-AppBuilder 4.6.2 introduced the FAB SAFE REDIRECT HOS...

6.1CVSS5.2AI score0.00191EPSS
Exploits0References169
GitLab Advisory Database
GitLab Advisory Database
added 2025/05/16 12:0 a.m.17 views

Flask-AppBuilder open redirect vulnerability using HTTP host injection

Flask-AppBuilder prior to 4.6.2 would allow for a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests...

6.1CVSS6.8AI score0.00191EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2025/03/10 8:17 a.m.8 views

Username Enumeration

Flask-AppBuilder is vulnerable to Username Enumeration. The vulnerability is due to differences in server response time when brute forcing login requests, allowing unauthenticated users to enumerate existing usernames...

5.3CVSS6.7AI score0.00304EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/06 1:56 a.m.23 views

CVE-2025-24023

Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. This vulnerability is fixed in 4.5.3...

5.3CVSS7AI score0.00304EPSS
Exploits0References1
PyPA
PyPA
added 2025/03/03 4:15 p.m.7 views

PYSEC-2025-15

Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. This vulnerability is fixed in 4.5.3...

5.3CVSS6.9AI score0.00304EPSS
Exploits0References1Affected Software1
vulnersOsv
vulnersOsv
added 2025/03/03 4:15 p.m.5 views

abi-ds-utils (=1.0.1), acryl-datahub-airflow-plugin (>=0.8.44.4 <=0.11.0rc1) +156 more potentially affected by CVE-2025-24023 via flask-appbuilder (>=1.10.0 <=4.5.2)

flask-appbuilder PYPI version =1.10.0, =0.8.44.4, =0.1.0rc3, =0.1.0, =2022.9.19, =0.2.1, =0.2.9b1, =1.0.7, =0.5.1, =0.2.0, =0.1.0, =1.0.0, =0.0.7, =0.0.1, =0.0.11 and more Source cves: CVE-2025-24023 Source advisory: OSV:PYSEC-2025-15...

5.3CVSS5.8AI score0.00304EPSS
Exploits0
NVD
NVD
added 2025/03/03 4:15 p.m.16 views

CVE-2025-24023

Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. This vulnerability is fixed in 4.5.3...

5.3CVSS0.00304EPSS
Exploits0References1
OSV
OSV
added 2025/03/03 4:15 p.m.2 views

PYSEC-2025-15

Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. This vulnerability is fixed in 4.5.3...

5.3CVSS5.9AI score0.00304EPSS
Exploits0References1
Snyk
Snyk
added 2025/03/03 3:26 p.m.4 views

Information Exposure

Overview Flask-AppBuilder is a simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more. Affected versions of this package are vulnerable to Information Exposure due to observable...

6.3CVSS7AI score0.00304EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/03/03 3:26 p.m.3 views

abi-ds-utils (=1.0.1), acryl-datahub-airflow-plugin (>=0.10.5.2rc3 <=0.11.0rc1) +31 more potentially affected by CVE-2025-24023 via flask-appbuilder (>=4.1.2 <=4.5.2)

flask-appbuilder PYPI version =4.1.2, =0.10.5.2rc3, =0.2.1, =0.8.2, =0.3.1, =0.0.4, =0.0.1a0, =2.3.3, =1.0.0, =1.0.0rc1, =1.0.2, =1.0.0rc1, =1.8.1rc1 and more Source cves: CVE-2025-24023 Source advisory: SNYK:PYTHON-FLASKAPPBUILDER-9058045...

5.3CVSS5.8AI score0.00304EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/03/03 3:26 p.m.3 views

abi-ds-utils (=1.0.1), acryl-datahub-airflow-plugin (>=0.8.44.4 <=0.11.0rc1) +156 more potentially affected by CVE-2025-24023 via flask-appbuilder (>=1.10.0 <=4.5.2)

flask-appbuilder PYPI version =1.10.0, =0.8.44.4, =0.1.0rc3, =0.1.0, =2022.9.19, =0.2.1, =0.2.9b1, =1.0.7, =0.5.1, =0.2.0, =0.1.0, =1.0.0, =0.0.7, =0.0.1, =0.0.11 and more Source cves: CVE-2025-24023 Source advisory: OSV:GHSA-P8Q5-CVWX-WVWP...

5.3CVSS5.8AI score0.00304EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/03/03 3:26 p.m.23 views

Flask-AppBuilder Observable Response Discrepancy

Impact User enumeration in database authentication in Flask-AppBuilder = 3.0.0. Allows for a non authenticated user to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. Patches Upgrade to flask-appbuilder=4.5.3 Workarounds Downgrade...

5.3CVSS6.8AI score0.00304EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/03/03 3:26 p.m.3 views

GHSA-P8Q5-CVWX-WVWP Flask-AppBuilder Observable Response Discrepancy

Impact User enumeration in database authentication in Flask-AppBuilder = 3.0.0. Allows for a non authenticated user to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. Patches Upgrade to flask-appbuilder=4.5.3 Workarounds Downgrade...

3.7CVSS5.9AI score0.00304EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/03/03 3:25 p.m.20 views

CVE-2025-24023 Observable Response Discrepancy in flask-appbuilder

Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. This vulnerability is fixed in 4.5.3...

3.7CVSS0.00304EPSS
Exploits0References1
CVE
CVE
added 2025/03/03 3:25 p.m.305 views

CVE-2025-24023

CVE-2025-24023 affects Flask-AppBuilder prior to 4.5.3, where unauthenticated users can enumerate existing usernames by timing the login request response. This timing discrepancy constitutes a partial information disclosure vulnerability with low to medium impact as described in multiple sources....

5.3CVSS4.1AI score0.00304EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/03 3:25 p.m.17 views

CVE-2025-24023 Observable Response Discrepancy in flask-appbuilder

Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. This vulnerability is fixed in 4.5.3...

3.7CVSS4.1AI score0.00304EPSS
Exploits0References1
OSV
OSV
added 2025/03/03 3:25 p.m.10 views

CVE-2025-24023 Observable Response Discrepancy in flask-appbuilder

Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. This vulnerability is fixed in 4.5.3...

3.7CVSS6.5AI score0.00304EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2025/03/03 12:0 a.m.13 views

Flask-AppBuilder Observable Response Discrepancy

User enumeration in database authentication in Flask-AppBuilder = 3.0.0. Allows for a non authenticated user to enumerate existing usernames by timing the response time from the server when brute forcing requests to login...

5.3CVSS6.9AI score0.00304EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder