15 matches found
abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +131 more potentially affected by CVE-2025-58065 via flask-appbuilder (>=4.1.2 <=4.6.3)
flask-appbuilder PYPI version =4.1.2, =0.9.5.1rc1, =1.4.0.3.post4, =1.4.0.3.post3, =0.2.1, =0.4.0, =0.1.0a1, =0.8.2, =0.1.1, =0.1.1, =1.10.6 - airflow-cyberark-secrets-backend =0.1.0 and more Source cves: CVE-2025-58065 Source advisory: SNYK:PYTHON-FLASKAPPBUILDER-12670878...
CVE-2025-58065 Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods
Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface...
CVE-2025-58065
CVE-2025-58065 (Flask-AppBuilder) : Prior to v4.8.1, when using non-database authentication (OAuth/LDAP, etc.), the password reset endpoint remains registered and accessible even if not shown in the UI. This can let an enabled user reset their password and obtain JWTs, potentially bypassing deact...
CVE-2025-58065 Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods
Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface...
CVE-2025-58065 Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods
Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface...
GHSA-765J-9R45-W2Q2 Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods
Impact: When Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface. This allows an enabled user to reset their password and be able to create...
Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods
Impact: When Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface. This allows an enabled user to reset their password and be able to create...
Flask App Builder authorization issue vulnerability
Flask App Builder is a simple and fast application development framework by individual developer Daniel Vaz Gaspar. An authorization issue vulnerability exists in Flask App Builder versions prior to 4.8.1, which stems from not disabling the password reset feature when using a non-database...
Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods
When Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface. This allows an enabled user to reset their password and be able to create JWT...
Flask App Builder input validation error vulnerability
Flask App Builder is a simple and fast application development framework by individual developer Daniel Vaz Gaspar. An input validation error vulnerability exists in Flask App Builder versions prior to 4.6.2, which stems from an unvalidated host header and could lead to an open redirect...
Flask App Builder security vulnerability
Flask App Builder is a simple and fast application development framework by individual developer Daniel Vaz Gaspar. A security vulnerability exists in Flask App Builder versions prior to 4.5.3, which stems from an unauthenticated user being able to enumerate existing usernames...
Flask App Builder security vulnerability
Flask App Builder is a simple and fast application development framework by individual developer Daniel Vaz Gaspar. A security vulnerability exists in Flask App Builder versions prior to 4.5.1 that stems from allowing the browser to store sensitive data locally...
PYSEC-2023-94
Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges could, by adding a special character on the add or edit User forms, trigger a database error; this error is surfaced back to this actor on t...
Flask-AppBuilder input validation error vulnerability
Flask-AppBuilder is a simple and fast application development framework. An input validation error vulnerability exists in versions of Flask-AppBuilder prior to 3.4.5, which stems from an open redirection vulnerability in versions of Flask-AppBuilder prior to 3.4.5 when using database...
Flask-AppBuilder input validation error vulnerability
Flask-AppBuilder is a simple and fast application development framework. Flask-AppBuilder suffers from an input validation error vulnerability that arises from a networked system or product that does not properly filter special characters in parameters during the construction of command parameter...