Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
flask-appbuilder project flask-appbuilder vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-29005
Flask-AppBuilder versions prior to 4.3.0 lack rate limiting which can allow an malicious user to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using `AUTH_RATE_LIMITED = True`, `RATELIMIT_ENABLED = True`, and setting an `AUTH_RATE_LIMIT`...
Flask-appbuilder Project Flask-appbuilder
516
VMScore
CVE-2022-24776
Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Flask-AppBuilder contains an open redirect vulnerability when using database authentication login page on versions below 3.4.5. This issue is fixed in version 3.4.5. There are curre...
Flask-appbuilder Project Flask-appbuilder
578
VMScore
CVE-2021-41265
Flask-AppBuilder is a development framework built on top of Flask. Verions before 3.3.4 contain an improper authentication vulnerability in the REST API. The issue allows for a malicious actor with a carefully crafted request to successfully authenticate and gain access to existi...
Flask-appbuilder Project Flask-appbuilder
516
VMScore
CVE-2021-32805
Flask-AppBuilder is an application development framework, built on top of Flask. In affected versions if using Flask-AppBuilder OAuth, an attacker can share a carefully crafted URL with a trusted domain for an application built with Flask-AppBuilder, this URL can redirect a user ...
Flask-appbuilder Project Flask-appbuilder
NA
CVE-2023-34110
Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back t...
Flask-appbuilder Project Flask-appbuilder
446
VMScore
CVE-2022-21659
Flask-AppBuilder is an application development framework, built on top of the Flask web framework. In affected versions there exists a user enumeration vulnerability. This vulnerability allows for a non authenticated user to enumerate existing accounts by timing the response time...
Flask-appbuilder Project Flask-appbuilder
NA
CVE-2022-31177
Flask-AppBuilder is an application development framework built on top of Flask python framework. In versions before 4.1.3 an authenticated Admin user could query other users by their salted and hashed passwords strings. These filters could be made by using partial hashed password...
Flask-appbuilder Project Flask-appbuilder
445
VMScore
CVE-2021-29621
Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder <= 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in....
Flask-appbuilder Project Flask-appbuilder
Apache Airflow 1.10.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started