Lucene search
K

13 matches found

Veracode
Veracode
added 2025/10/22 3:44 a.m.8 views

Improper Access Control

flaskappbuilder is vulnerable to improper access control. The vulnerability is due to the password reset endpoint remaining accessible when using OAuth, LDAP, or other non-database authentication methods, which allows an attacker to reset passwords and create valid JWT tokens even for disabled us...

6.5CVSS7.3AI score0.00376EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2025/09/13 6:26 p.m.14 views

CVE-2025-58065

Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface...

6.5CVSS7.2AI score0.00376EPSS
Exploits0References1
NVD
NVD
added 2025/09/11 6:15 p.m.6 views

CVE-2025-58065

Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface...

6.5CVSS0.00376EPSS
Exploits0References4
CVE
CVE
added 2025/09/11 5:55 p.m.122 views

CVE-2025-58065

CVE-2025-58065 (Flask-AppBuilder) : Prior to v4.8.1, when using non-database authentication (OAuth/LDAP, etc.), the password reset endpoint remains registered and accessible even if not shown in the UI. This can let an enabled user reset their password and obtain JWTs, potentially bypassing deact...

6.5CVSS6.8AI score0.00376EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/09/11 5:55 p.m.11 views

CVE-2025-58065 Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods

Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface...

6.5CVSS0.00376EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/09/11 5:55 p.m.8 views

CVE-2025-58065 Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods

Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface...

6.5CVSS6.7AI score0.00376EPSS
Exploits0References4
OSV
OSV
added 2025/09/11 5:55 p.m.7 views

CVE-2025-58065 Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods

Flask-AppBuilder is an application development framework. Prior to version 4.8.1, when Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface...

6.5CVSS6.8AI score0.00376EPSS
Exploits0References6
OSV
OSV
added 2025/09/11 4:51 p.m.3 views

GHSA-765J-9R45-W2Q2 Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods

Impact When Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface. This allows an enabled user to reset their password and be able to create...

6.5CVSS7.2AI score0.00376EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/09/11 4:51 p.m.13 views

Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods

Impact When Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface. This allows an enabled user to reset their password and be able to create...

6.5CVSS7.2AI score0.00376EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2025/09/11 12:0 a.m.6 views

Flask App Builder 授权问题漏洞

Flask App Builder is a simple and fast application development framework by Daniel Vaz Gaspar Personal Developer. An authorization issue vulnerability exists in Flask App Builder versions prior to 4.8.1, which stems from not disabling the password reset feature when using a non-database...

6.5CVSS6.7AI score0.00376EPSS
Exploits0References5
GitLab Advisory Database
GitLab Advisory Database
added 2025/09/11 12:0 a.m.12 views

Flask App Builder has an Authentication Bypass vulnerability when using non AUTH_DB methods

When Flask-AppBuilder is configured to use OAuth, LDAP, or other non-database authentication methods, the password reset endpoint remains registered and accessible, despite not being displayed in the user interface. This allows an enabled user to reset their password and be able to create JWT...

6.5CVSS7.2AI score0.00376EPSS
Exploits0References7Affected Software1
Debian CVE
Debian CVE
added 2021/12/09 4:40 p.m.31 views

CVE-2021-41265

Removed by vendor...

8.8CVSS8.7AI score0.0125EPSS
Exploits0
OSV
OSV
added 2017/11/24 5:29 a.m.2 views

UBUNTU-CVE-2016-10700

authlogin.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for...

8.8CVSS7.3AI score0.02488EPSS
Exploits0References6
Rows per page
Query Builder