Lucene search
K

216 matches found

Snyk
Snyk
•added 2025/09/11 6:41 p.m.•5 views

Improper Authentication

Overview Flask-AppBuilder is a simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more. Affected versions of this package are vulnerable to Improper Authentication via the reset my...

7.1CVSS6.9AI score0.00376EPSS
Exploits0References2
NVD
NVD
•added 2025/09/11 6:15 p.m.•6 views

CVE-2025-58065

Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface...

6.5CVSS0.00376EPSS
Exploits0References4
vulnersOsv
vulnersOsv
•added 2025/09/11 4:51 p.m.•4 views

abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +250 more potentially affected by CVE-2025-58065 via flask-appbuilder (>=1.10.0 <=4.6.3)

flask-appbuilder PYPI version =1.10.0, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =2022.9.19, =0.2.1, =0.2.9b1, =1.0.7, =0.4.0, =0.1.0a1, =0.1.0a7 and more Source cves: CVE-2025-58065 Source advisory: OSV:GHSA-765J-9R45-W2Q2...

6.5CVSS5.7AI score0.00376EPSS
Exploits0
Positive Technologies
Positive Technologies
•added 2025/09/11 12:0 a.m.•8 views

PT-2025-37255

Name of the Vulnerable Software and Affected Versions: Flask-AppBuilder versions prior to 4.8.1 Description: Flask-AppBuilder is an application development framework. When configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains accessible...

6.5CVSS5.3AI score0.00376EPSS
Exploits0References218
RedhatCVE
RedhatCVE
•added 2025/05/23 9:38 a.m.•11 views

CVE-2024-27083

Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting XSS vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute...

6.1CVSS5.8AI score0.00567EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2025/05/23 8:7 a.m.•6 views

CVE-2024-45314

Flask-AppBuilder is an application development framework. Prior to version 4.5.1, the auth DB login form default cache directives allows browser to locally store sensitive data. This can be an issue on environments using shared computer resources. Version 4.5.1 contains a patch for this issue. If...

5.5CVSS5.3AI score0.00262EPSS
Exploits0
RedhatCVE
RedhatCVE
•added 2025/05/23 4:27 a.m.•5 views

CVE-2023-34110

Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back to this actor on t...

2.7CVSS6.5AI score0.00676EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2025/05/23 3:39 a.m.•5 views

CVE-2023-29005

Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using AUTHRATELIMITED = True, RATELIMITENABLED = True, and setting an AUTHRATELIMIT...

7.5CVSS6.7AI score0.00629EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2025/05/22 10:24 p.m.•6 views

CVE-2022-21659

Flask-AppBuilder is an application development framework, built on top of the Flask web framework. In affected versions there exists a user enumeration vulnerability. This vulnerability allows for a non authenticated user to enumerate existing accounts by timing the response time from the server...

5.3CVSS6.5AI score0.00953EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2025/05/22 9:55 p.m.•5 views

CVE-2022-24776

Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Flask-AppBuilder contains an open redirect vulnerability when using database authentication login page on versions below 3.4.5. This issue is fixed in version 3.4.5. There are currently no known...

6.1CVSS6.8AI score0.00923EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2025/05/22 9:19 p.m.•6 views

CVE-2021-32805

Flask-AppBuilder is an application development framework, built on top of Flask. In affected versions if using Flask-AppBuilder OAuth, an attacker can share a carefully crafted URL with a trusted domain for an application built with Flask-AppBuilder, this URL can redirect a user to a malicious...

7.2CVSS6.7AI score0.007EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2025/05/22 6:30 p.m.•5 views

CVE-2021-29621

Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder = 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version...

5.3CVSS6.8AI score0.03404EPSS
Exploits0References1
Veracode
Veracode
•added 2025/05/20 10:36 a.m.•9 views

Open Redirect

Flask-AppBuilder is vulnerable to Open Redirect. The vulnerability is due to improper validation of redirect targets due to trusting the Host header in HTTP requests without verifying it against a safe list of domains...

6.1CVSS4.5AI score0.00191EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
•added 2025/05/18 2:15 p.m.•9 views

CVE-2025-32962

Flask-AppBuilder is an application development framework built on top of Flask. Versions prior to 4.6.2 would allow for a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests. Flask-AppBuilder 4.6.2 introduced the FABSAFEREDIRECTHOSTS...

6.1CVSS6.8AI score0.00191EPSS
Exploits0References1
vulnersOsv
vulnersOsv
•added 2025/05/16 5:28 p.m.•4 views

abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +250 more potentially affected by CVE-2025-32962 via flask-appbuilder (>=1.10.0 <=4.5.4)

flask-appbuilder PYPI version =1.10.0, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =2022.9.19, =0.2.1, =0.2.9b1, =1.0.7, =0.4.0, =0.1.0a1, =0.1.0a7 and more Source cves: CVE-2025-32962 Source advisory: OSV:GHSA-99PM-CH96-CCP2...

6.1CVSS5.7AI score0.00191EPSS
Exploits0
OSV
OSV
•added 2025/05/16 5:28 p.m.•7 views

GHSA-99PM-CH96-CCP2 Flask-AppBuilder open redirect vulnerability using HTTP host injection

Impact Flask-AppBuilder prior to 4.6.2 would allow for a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests. Patches Flask-AppBuilder 4.6.2 introduced the FABSAFEREDIRECTHOSTS configuration variable, which allows administrators to explicit...

4.3CVSS6.7AI score0.00191EPSS
Exploits0References4
Github Security Blog
Github Security Blog
•added 2025/05/16 5:28 p.m.•12 views

Flask-AppBuilder open redirect vulnerability using HTTP host injection

Impact Flask-AppBuilder prior to 4.6.2 would allow for a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests. Patches Flask-AppBuilder 4.6.2 introduced the FABSAFEREDIRECTHOSTS configuration variable, which allows administrators to explicit...

6.1CVSS6.8AI score0.00191EPSS
Exploits0References4Affected Software1
Snyk
Snyk
•added 2025/05/16 2:45 p.m.•1 views

Open Redirect

Overview Flask-AppBuilder is a simple and rapid application development framework, built on top of Flask. includes detailed security, auto CRUD generation for your models, google charts and much more. Affected versions of this package are vulnerable to Open Redirect through the manipulation of th...

6.1CVSS6.9AI score0.00191EPSS
Exploits0References2
vulnersOsv
vulnersOsv
•added 2025/05/16 2:45 p.m.•8 views

abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +133 more potentially affected by CVE-2025-32962 via flask-appbuilder (>=4.1.2 <=4.5.4)

flask-appbuilder PYPI version =4.1.2, =0.9.5.1rc1, =1.4.0.3.post4, =1.4.0.3.post3, =0.2.1, =0.4.0, =0.1.0a1, =0.8.2, =0.1.1, =0.1.1, =1.10.6 - airflow-cyberark-secrets-backend =0.1.0 and more Source cves: CVE-2025-32962 Source advisory: SNYK:PYTHON-FLASKAPPBUILDER-10182215...

6.1CVSS5.7AI score0.00191EPSS
Exploits0
NVD
NVD
•added 2025/05/16 2:15 p.m.•13 views

CVE-2025-32962

Flask-AppBuilder is an application development framework built on top of Flask. Versions prior to 4.6.2 would allow for a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests. Flask-AppBuilder 4.6.2 introduced the FABSAFEREDIRECTHOSTS...

6.1CVSS0.00191EPSS
Exploits0References2
Rows per page
Query Builder