MaxHalford

1 exploit Active since Jul 2025
CVE-2025-43931 WRITEUP CRITICAL WRITEUP
flask-boilerplate <a170e7c - Auth Bypass
flask-boilerplate through a170e7c allows account takeover via the password reset feature because SERVER_NAME is not configured and thus a reset depends on the Host HTTP header.
CVSS 9.8