13 matches found
EUVD-2021-0083
Malware in sbrugna...
EUVD-2022-0104
Malicious code in bioql PyPI...
EUVD-2024-0659
Malicious code in bioql PyPI...
EUVD-2023-0078
Malicious code in bioql PyPI...
EUVD-2022-0103
Malicious code in bioql PyPI...
CVE-2021-29621
Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder <= 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version...
CVE-2025-32962 Flask-AppBuilder open redirect vulnerability using HTTP host injection
Flask-AppBuilder is an application development framework built on top of Flask. Versions prior to 4.6.2 would allow for a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests. Flask-AppBuilder 4.6.2 introduced the FAB_SAFE_REDIRECT_HOSTS...
Flask-AppBuilder open redirect vulnerability using HTTP host injection
Flask-AppBuilder prior to 4.6.2 would allow for a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests...
CVE-2025-24023
CVE-2025-24023 affects Flask-AppBuilder prior to 4.5.3, where unauthenticated users can enumerate existing usernames by timing the login request response. This timing discrepancy constitutes a partial information disclosure vulnerability with low to medium impact as described in multiple sources....
Flask-AppBuilder Observable Response Discrepancy
User enumeration in database authentication in Flask-AppBuilder = 3.0.0. Allows for a non authenticated user to enumerate existing usernames by timing the response time from the server when brute forcing requests to login...
CVE-2024-25128
Flask-AppBuilder is an application development framework, built on top of Flask. When Flask-AppBuilder is set to AUTH_TYPE AUTH_OID, it allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker...
Sensitive Data Exposure
Flask-AppBuilder is vulnerable to Sensitive Data Exposure. The vulnerability is due to insecure cache directives for the auth DB login form, which allows browsers to locally store sensitive data...
PT-2023-22080 · Pypi · Flask-Appbuilder
Name of the Vulnerable Software and Affected Versions: Flask-AppBuilder versions prior to 4.3.0 Description: The issue is related to the lack of rate limiting, which can allow an attacker to brute-force user credentials. This can be exploited by attackers to gain unauthorized access. The estimate...