CVE-2026-0545 vulnerabilities

Vulnerabilities for packages: mlflow-fips, mlflow...

CVE-2026-0545

creationtimestamp| type| source ---|---|--- 2026-04-03 18:55:51+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mimfityqht2i 2026-04-03 19:24:00+00:00| published-proof-of-concept| Telegram/l2CWtN20f6D8WOiAClhqJgrdc6BQljDZCBDw2ZgpHM67Hss 2026-04-04 06:00:22+00:00| seen|...

a2 (>=0.1.0 <=0.3.17), abadpour (>=6.13.1 <=7.24.1) +912 more potentially affected by CVE-2026-0545 via mlflow (>=0.8.2 <=3.9.0)

mlflow PYPI version =0.8.2, =0.1.0, =6.13.1, =9.273.1, =1.1.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.0.5, =1.0.0, =0.1.0, =0.1.0, =0.2.1 and more Source cves: CVE-2026-0545 Source advisory: SNYK:PYTHON-MLFLOW-15922301...

CVE-2026-0545 Missing Authentication for Critical Function in mlflow/mlflow

In mlflow/mlflow, the FastAPI job endpoints under /ajax-api/3.0/jobs/ are not protected by authentication or authorization when the basic-auth app is enabled. This vulnerability affects the latest version of the repository. If job execution is enabled MLFLOWSERVERENABLEJOBEXECUTION=true and any j...

CVE-2026-0545 Missing Authentication for Critical Function in mlflow/mlflow

In mlflow/mlflow, the FastAPI job endpoints under /ajax-api/3.0/jobs/ are not protected by authentication or authorization when the basic-auth app is enabled. This vulnerability affects the latest version of the repository. If job execution is enabled MLFLOWSERVERENABLEJOBEXECUTION=true and any j...

RockyLinux 10 : podman (RLSA-2026:0545)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:0545 advisory. golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSHAGENTSUCCESS CVE-2025-47913 Tenable has extracted the precedi...

Oracle Linux 10 : podman (ELSA-2026-0545)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-0545 advisory. - fixes 'CVE-2025-47913 podman: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSHAGENTSUCCESS rhel-10.1.z' Tenable has extracted the...

CVE-2010-0545

The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, does not set the expected file ownerships during an "Apply to enclosed items" action, which allows local users to bypass intended access restrictions via normal filesystem operations...

CVE-2021-0545

In phNxpNciHalprintresstatus of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product:...

blender-5.0-5.0.0-1.1 on GA media (moderate)

blender-5.0-5.0.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:15756-1 Rating: moderate Cross-References: CVE-2022-0544 CVE-2022-0545 CVE-2022-0546 Affected Products: openSUSE Tumbleweed An update that solves 3 vulnerabilities can now be installed. Description: These are all security issues...

CVE-2023-0545

The Hostel WordPress plugin before 1.1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2025-0545

creationtimestamp| type| source ---|---|--- 2025-02-24 16:17:15+00:00| seen| https://t.me/cvedetector/18795 2025-02-24 17:21:49+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/5184...

CVE-2025-0545

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Tekrom Technology T-Soft E-Commerce allows Cross-Site Scripting XSS.This issue affects T-Soft E-Commerce: before v5...

CVE-2025-0545 XSS in Tekrom Technology's T-Soft E-Commerce

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Tekrom Technology T-Soft E-Commerce allows Cross-Site Scripting XSS.This issue affects T-Soft E-Commerce: before v5...

CVE-2023-0545

creationtimestamp| type| source ---|---|--- 2025-01-08 17:12:55+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/733...

Photon OS 3.0: Haproxy PHSA-2023-3.0-0545

An update of the haproxy package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-3.0-0545. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 3.0: Nodejs PHSA-2023-3.0-0545

An update of the nodejs package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-3.0-0545. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Photon OS 4.0: Openssh PHSA-2024-4.0-0545

An update of the openssh package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-4.0-0545. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CVE-2024-0545

A vulnerability classified as problematic was found in CodeCanyon RISE Ultimate Project Manager 3.5.3. This vulnerability affects unknown code of the file /index.php/signin. The manipulation of the argument redirect with the input http://evil.com leads to open redirect. The attack can be initiate...

CVE-2024-0545

The CVE-2024-0545 entry concerns CodeCanyon RISE Rise Ultimate Project Manager version 3.5.3. The vulnerability is an open redirect in the /index.php/signin endpoint caused by manipulation of the redirect parameter to an external URL (e.g., http://evil.com). Remote exploitation is possible and th...