Joomla! Component Sweetykeeper 1.5 - Local File Inclusion

A directory traversal vulnerability in the Sweety Keeper comsweetykeeper component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1474 info: name: Joomla! Compone...

CVE-2026-1474

creationtimestamp| type| source ---|---|--- 2026-01-27 19:16:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mdghuozbou2n...

CVE-2025-1474

In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerability could lead to security risks, as accounts without passwords may be susceptible to unauthorized access. Additionally, this issue violates best practices for secure user accou...

CVE-2022-1474

The WP Event Manager WordPress plugin before 3.1.28 does not sanitise and escape its search before outputting it back in an attribute on the event dashboard, leading to a Reflected Cross-Site Scripting...

api-python-bet-project (>=0.1.9 <=0.1.22), argosml (>=0.0.1 <=0.1.3) +60 more potentially affected by CVE-2025-1474 via mlflow (>=2.0.0rc0 <=2.19.0)

mlflow PYPI version =2.0.0rc0, =0.1.9, =0.0.1, =0.1.3, =1.2.0, =0.8.0, =0.0.10, =0.1.2370984012, =0.0.41, =1.6.0, =0.14.0, =0.14.0, =0.14.0, =0.14.2 and more Source cves: CVE-2025-1474 Source advisory: SNYK:PYTHON-MLFLOW-9486737...

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +190 more potentially affected by CVE-2025-1474 via mlflow (>=0.8.2 <=2.18.0)

mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.0.1, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =0.1.3, =3.0.0, =3.3.0 and more Source cves: CVE-2025-1474 Source advisory: OSV:GHSA-4RJ2-9GCX-5QHX...

CVE-2025-1474

In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerability could lead to security risks, as accounts without passwords may be susceptible to unauthorized access. Additionally, this issue violates best practices for secure user accou...

CVE-2025-1474

In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerability could lead to security risks, as accounts without passwords may be susceptible to unauthorized access. Additionally, this issue violates best practices for secure user accou...

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +190 more potentially affected by CVE-2025-1474 via mlflow (>=0.8.2 <=2.18.0)

mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.0.1, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =0.1.3, =3.0.0, =3.3.0 and more Source cves: CVE-2025-1474 Source advisory: OSV:PYSEC-2025-17...

CVE-2025-1474 Weak Password Requirements in mlflow/mlflow

In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerability could lead to security risks, as accounts without passwords may be susceptible to unauthorized access. Additionally, this issue violates best practices for secure user accou...

CVE-2023-1474

creationtimestamp| type| source ---|---|--- 2025-02-26 19:24:05+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/5576...

CVE-2019-1474

creationtimestamp| type| source ---|---|--- 2024-03-09 14:46:28+00:00| seen| https://t.me/ctinow/203954...

CVE-2024-1474

creationtimestamp| type| source ---|---|--- 2024-02-21 17:22:07+00:00| seen| https://t.me/ctinow/189794 2024-02-21 17:31:27+00:00| seen| https://t.me/ctinow/189808 2024-02-22 19:12:57+00:00| seen| https://t.me/arpsyndicate/4008 2024-03-13 09:11:50+00:00| seen| https://t.me/ctinow/206478...

CVE-2024-1474

In WSFTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user supplied inputs on the WSFTP Server administrative interface...

CVE-2024-1474 WS_FTP Server Reflected Cross-Site Scripting in Administrative Interface

In WSFTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user supplied inputs on the WSFTP Server administrative interface...

CVE-2024-1474 WS_FTP Server Reflected Cross-Site Scripting in Administrative Interface

In WSFTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user supplied inputs on the WSFTP Server administrative interface...

CVE-2024-1474

WS_FTP Server prior to 8.8.5 is affected by reflected cross-site scripting in the administrative interface, arising from handling of various user-supplied inputs. The issue is documented across multiple sources as a vulnerability in WS_FTP Server versions before 8.8.5. A remediation action is to ...

CVE-2023-1474

CVE-2023-1474 affects SourceCodester Automatic Question Paper Generator System 1.0, specifically the GET Parameter Handler in users/question_papers/manage_question_paper.php. The root cause is improper handling of the id parameter, enabling SQL injection remotely; exploits have been disclosed pub...

CVE-2023-1474 SourceCodester Automatic Question Paper Generator System GET Parameter manage_question_paper.php sql injection

A vulnerability classified as critical was found in SourceCodester Automatic Question Paper Generator System 1.0. This vulnerability affects unknown code of the file users/questionpapers/managequestionpaper.php of the component GET Parameter Handler. The manipulation of the argument id leads to s...

CVE-2023-1474 SourceCodester Automatic Question Paper Generator System GET Parameter manage_question_paper.php sql injection

A vulnerability classified as critical was found in SourceCodester Automatic Question Paper Generator System 1.0. This vulnerability affects unknown code of the file users/questionpapers/managequestionpaper.php of the component GET Parameter Handler. The manipulation of the argument id leads to s...