EUVD-2025-32453
ZenML version 0.83.1 is affected by a path traversal vulnerability in the PathMaterializer class. The load function uses is_path_within_directory to validate files during data.tar.gz extraction, which fails to effectively detect symbolic and hard links. This vulnerability can lead to arbitrary file...
GHSA-Q92X-2X5G-H365 ZenML is vulnerable to Path Traversal through its `PathMaterializer` class
ZenML version 0.83.1 is affected by a path traversal vulnerability in the PathMaterializer class. The load function uses is_path_within_directory to validate files during data.tar.gz extraction, which fails to effectively detect symbolic and hard links. This vulnerability can lead to arbitrary file...
ZenML is vulnerable to Path Traversal through its `PathMaterializer` class
ZenML version 0.83.1 is affected by a path traversal vulnerability in the PathMaterializer class. The load function uses is_path_within_directory to validate files during data.tar.gz extraction, which fails to effectively detect symbolic and hard links. This vulnerability can lead to arbitrary file...
CVE-2025-8406
ZenML version 0.83.1 is affected by a path traversal vulnerability in the PathMaterializer class. The load function uses is_path_within_directory to validate files during data.tar.gz extraction, which fails to effectively detect symbolic and hard links. This vulnerability can lead to arbitrary file...
CVE-2025-8406 Path Traversal in zenml-io/zenml
ZenML version 0.83.1 is affected by a path traversal vulnerability in the PathMaterializer class. The load function uses is_path_within_directory to validate files during data.tar.gz extraction, which fails to effectively detect symbolic and hard links. This vulnerability can lead to arbitrary file...
CVE-2025-8406
ZenML 0.83.1 is affected by a path traversal flaw in PathMaterializer during data.tar.gz extraction; is_path_within_directory fails to catch symbolic/hard links, enabling arbitrary file writes and potential command execution if critical files are overwritten. Remediation present in connected docs...
CVE-2025-10582
The WP Dispatcher plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticat...
CVE-2025-9199
The Woo superb slideshow transition gallery with random effect plugin for WordPress is vulnerable to SQL Injection via the 'woo-superb-slideshow' shortcode in all versions up to, and including, 9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...
CVE-2025-9200
The Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App plugin for WordPress is vulnerable to SQL Injection via the nhynaacomments function in all versions up to, and including, 0.8.8.8 due to insufficient escaping on the user supplied parameter and lack of sufficient...
EUVD-2023-59120
Malicious code in bioql PyPI...
EUVD-2025-18162
Malicious code in bioql PyPI...
EUVD-2025-6681
Malicious code in bioql PyPI...
EUVD-2025-6411
Malicious code in bioql PyPI...
EUVD-2024-16499
Malicious code in bioql PyPI...
EUVD-2025-6408
Malicious code in bioql PyPI...
EUVD-2024-54058
Malicious code in bioql PyPI...
EUVD-2024-54161
Malicious code in bioql PyPI...
EUVD-2025-7403
Malicious code in bioql PyPI...
EUVD-2025-7389
Malicious code in bioql PyPI...
EUVD-2025-5889
Malicious code in bioql PyPI...