4191 matches found
CVE-2026-42997
A flaw was found in OpenStack Ironic. During the import process, a user invoking molds can request that authorization credentials be sent to a remote endpoint. This can lead to the disclosure of a time-limited Keystone token, which grants access to OpenStack services Ironic is authorized for, or...
ROOT-APP-NPM-CVE-2026-39983 CVE-2026-39983 in @rootio/basic-ftp - Patched by Root
Root has patched CVE-2026-39983 in the @rootio/basic-ftp package for Root:npm. Multiple fixed versions available...
Insertion of Sensitive Information Into Sent Data
Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the apikey...
CVE-2026-4035 Environment Variable Resolution Vulnerability in mlflow/mlflow
A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environment credentials to an attacker-controlled endpoint. This issue arises because the apikey field in...
EUVD-2026-34068
A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environment credentials to an attacker-controlled endpoint. This issue arises because the apikey field in...
CVE-2026-5078
Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...
CVE-2021-4478
Dräger CC-Vision Basic before 7.5.3 and Dräger CC-Vision E-Cal before 7.2.5.0 contain an out-of-bounds write vulnerability when loading .gdt files. A crafted .gdt file can trigger a buffer overflow during file parsing, allowing an attacker to crash the application or execute malicious code on the...
CVE-2021-4478
Dräger CC-Vision Basic before 7.5.3 and Dräger CC-Vision E-Cal before 7.2.5.0 contain an out-of-bounds write vulnerability when loading .gdt files. A crafted .gdt file can trigger a buffer overflow during file parsing, allowing an attacker to crash the application or execute malicious code on the...
CVE-2021-4478 Dräger CC-Vision Basic and CC-Vision E-Cal Out-of-Bounds Write via Malicious GDT File
Dräger CC-Vision Basic before 7.5.3 and Dräger CC-Vision E-Cal before 7.2.5.0 contain an out-of-bounds write vulnerability when loading .gdt files. A crafted .gdt file can trigger a buffer overflow during file parsing, allowing an attacker to crash the application or execute malicious code on the...
CVE-2021-4478
Dräger CC-Vision Basic prior to 7.5.3 and CC-Vision E-Cal prior to 7.2.5.0 contain an out-of-bounds write vulnerability when loading .gdt files. A crafted .gdt file can trigger a buffer overflow during parsing, potentially crashing the application or allowing code execution on the host. The avail...
EUVD-2021-34844
Dräger CC-Vision Basic before 7.5.3 and Dräger CC-Vision E-Cal before 7.2.5.0 contain an out-of-bounds write vulnerability when loading .gdt files. A crafted .gdt file can trigger a buffer overflow during file parsing, allowing an attacker to crash the application or execute malicious code on the...
CVE-2021-4478 Dräger CC-Vision Basic and CC-Vision E-Cal Out-of-Bounds Write via Malicious GDT File
Dräger CC-Vision Basic before 7.5.3 and Dräger CC-Vision E-Cal before 7.2.5.0 contain an out-of-bounds write vulnerability when loading .gdt files. A crafted .gdt file can trigger a buffer overflow during file parsing, allowing an attacker to crash the application or execute malicious code on the...
CVE-2026-3198
MLflow 3.9.0 with basic-auth --app-name basic-auth fails to enforce authorization checks for multiple Gateway API 'list' endpoints. Specifically, the BEFOREREQUESTHANDLERS dictionary in mlflow/server/auth/init.py does not include entries for ListGatewaySecretInfos, ListGatewayEndpoints, and...
CVE-2026-3198 Improper Access Control in mlflow/mlflow
MLflow 3.9.0 with basic-auth --app-name basic-auth fails to enforce authorization checks for multiple Gateway API 'list' endpoints. Specifically, the BEFOREREQUESTHANDLERS dictionary in mlflow/server/auth/init.py does not include entries for ListGatewaySecretInfos, ListGatewayEndpoints, and...
CVE-2026-3198
MLflow 3.9.0 with basic-auth --app-name basic-auth fails to enforce authorization checks for multiple Gateway API 'list' endpoints. Specifically, the BEFOREREQUESTHANDLERS dictionary in mlflow/server/auth/init.py does not include entries for ListGatewaySecretInfos, ListGatewayEndpoints, and...
CVE-2026-3198 Improper Access Control in mlflow/mlflow
MLflow 3.9.0 with basic-auth --app-name basic-auth fails to enforce authorization checks for multiple Gateway API 'list' endpoints. Specifically, the BEFOREREQUESTHANDLERS dictionary in mlflow/server/auth/init.py does not include entries for ListGatewaySecretInfos, ListGatewayEndpoints, and...
Direct Request ('Forced Browsing')
Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Direct Request 'Forced Browsing' in the Gateway API endpoints due ...
PT-2026-45814
Name of the Vulnerable Software and Affected Versions Dräger CC-Vision Basic versions prior to 7.5.3 Dräger CC-Vision E-Cal versions prior to 7.2.5.0 Description An out-of-bounds write occurs when loading .gdt files. A specially crafted .gdt file can trigger a buffer overflow during file parsing,...
Dräger CC-Vision Basic和Dräger CC-Vision E-Cal 缓冲区错误漏洞
Dräger CC-Vision Basic and Dräger CC-Vision E-Cal are products of the German company Dräger. Dräger CC-Vision Basic is a portable gas detector with configuration and maintenance software. Dräger CC-Vision E-Cal is a gas detection device with electronic calibration and configuration management...
CVE-2026-45690
A flaw was found in Nextcloud Server. This vulnerability allows a remote attacker, with knowledge of a user's password, to bypass two-factor authentication 2FA protections. When a user attempts to log in with valid credentials on a 2FA-enabled account, a temporary session token is generated befor...