Lucene search
K

26 matches found

OSV
OSV
added 2026/04/29 8:45 a.m.4 views

BIT-MLFLOW-2025-15379 Command Injection in mlflow/mlflow

A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the installmodeldependenciestoenv function. When deploying a model with envmanager=LOCAL, MLflow reads dependency specifications from the model artifact's pythonenv.yaml file and...

10CVSS8.9AI score0.01994EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/30 9:31 a.m.11 views

MLflow Command Injection vulnerability

A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the installmodeldependenciestoenv function. When deploying a model with envmanager=LOCAL, MLflow reads dependency specifications from the model artifact's pythonenv.yaml file and...

10CVSS7.5AI score0.01994EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/30 7:16 a.m.3 views

CVE-2025-15379 Command Injection in mlflow/mlflow

A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the installmodeldependenciestoenv function. When deploying a model with envmanager=LOCAL, MLflow reads dependency specifications from the model artifact's pythonenv.yaml file and...

10CVSS6.2AI score0.01994EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/30 7:16 a.m.4 views

CVE-2025-15379

A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the installmodeldependenciestoenv function. When deploying a model with envmanager=LOCAL, MLflow reads dependency specifications from the model artifact's pythonenv.yaml file and...

10CVSS6.2AI score0.01994EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2021-22117

Malware in sbrugna...

5.4CVSS5.6AI score0.00945EPSS
Exploits4References4
RedhatCVE
RedhatCVE
added 2025/05/22 8:37 p.m.3 views

CVE-2021-35475

SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties...

5.4CVSS6.1AI score0.00945EPSS
Exploits4References1
BDU FSTEC
BDU FSTEC
added 2024/01/29 12:0 a.m.6 views

The vulnerability of the chroot environment manager used for creating RPM packages for Mock allows for arbitrary code execution due to insufficient input validation.

The vulnerability of the chroot environment manager used for creating RPM packages for Mock is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS7.6AI score0.01552EPSS
Exploits1References8Affected Software3
OSV
OSV
added 2022/05/24 5:8 p.m.16 views

GHSA-GMG2-3W6V-945P Password stored in plain text by Parasoft Environment Manager Plugin

Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...

4.3CVSS6.4AI score0.00852EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2021/06/28 12:0 a.m.195 views

SAS Environment Manager 2.5 Cross Site Scripting

Exploit Title: SAS Environment Manager 2.5 - 'name' Stored Cross-Site Scripting XSS Date: 24/06/2021 Exploit Author: Luqman Hakim Zahari @ Saitamang Vendor Homepage: https://support.sas.com/en/software/environment-manager-support.html Version: 2.5 Tested on: CentOS 7 CVE : CVE-2021-35475...

0.00945EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/06/28 12:0 a.m.191 views

SAS Environment Manager 2.5 - 'name' Stored Cross-Site Scripting (XSS)

Exploit Title: SAS Environment Manager 2.5 - 'name' Stored Cross-Site Scripting XSS Date: 24/06/2021 Exploit Author: Luqman Hakim Zahari @ Saitamang Vendor Homepage: https://support.sas.com/en/software/environment-manager-support.html Version: 2.5 Tested on: CentOS 7 CVE : CVE-2021-35475...

5.4CVSS5.6AI score0.00945EPSS
Exploits4
0day.today
0day.today
added 2021/06/28 12:0 a.m.72 views

SAS Environment Manager 2.5 - (name) Stored Cross-Site Scripting Vulnerability

Exploit Title: SAS Environment Manager 2.5 - 'name' Stored Cross-Site Scripting XSS Exploit Author: Luqman Hakim Zahari @ Saitamang Vendor Homepage: https://support.sas.com/en/software/environment-manager-support.html Version: 2.5 Tested on: CentOS 7 CVE : CVE-2021-35475 Description SAS®...

5.4CVSS0.1AI score0.00945EPSS
Exploits4
NVD
NVD
added 2021/06/25 11:15 a.m.11 views

CVE-2021-35475

SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties...

5.4CVSS0.00945EPSS
Exploits4References3
OSV
OSV
added 2021/06/25 11:15 a.m.7 views

CVE-2021-35475

SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties...

5.4CVSS5.8AI score0.00945EPSS
Exploits4References3
Prion
Prion
added 2021/06/25 11:15 a.m.27 views

Cross site scripting

SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties...

3.5CVSS5.2AI score0.00945EPSS
Exploits4References3Affected Software1
CVE
CVE
added 2021/06/25 10:1 a.m.78 views

CVE-2021-35475

CVE-2021-35475 : SAS Environment Manager 2.5 is affected by a stored XSS via the Name field when creating or editing a server. The vulnerability arises from insufficient sanitization of the Name field, allowing injected scripts to execute, with the XSS trigger visible when editing Configuration P...

5.4CVSS5.2AI score0.00945EPSS
Exploits4References3Affected Software1
Cvelist
Cvelist
added 2021/06/25 10:1 a.m.19 views

CVE-2021-35475

SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties...

5.5AI score0.00945EPSS
Exploits4References3
CNNVD
CNNVD
added 2021/06/25 12:0 a.m.13 views

SAS Environment Manager 跨站脚本漏洞

SAS Environment Manager is a web-based management solution for SAS environments from SAS, Inc. A security vulnerability exists in SAS Environment Manager that stems from SAS Environment Manager 2.5 allowing XSS to pass through the Name field when creating an edit server. An attacker could exploit...

5.4CVSS5.9AI score0.00945EPSS
Exploits4References4
CNVD
CNVD
added 2020/03/09 12:0 a.m.2 views

Unspecified Vulnerability in CloudBees Jenkins Parasoft Environment Manager Plugin

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . A security vulnerability exists in the CloudBees Jenkins Parasoft Environment Manager plug-in, which can be exploited by an attacker to gain read access or access...

6.5CVSS6.9AI score0.00852EPSS
Exploits0References1
NVD
NVD
added 2020/02/12 3:15 p.m.29 views

CVE-2020-2132

Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system...

6.5CVSS6.5AI score0.00852EPSS
Exploits0References2
CVE
CVE
added 2020/02/12 2:35 p.m.59 views

CVE-2020-2132

CVE-2020-2132 affects Jenkins Parasoft Environment Manager Plugin 2.14 and earlier. The vulnerability stems from passwords stored unencrypted in job config.xml on the Jenkins master, allowing access by users with Extended Read permission or those with master-file access. Impact described in sourc...

6.5CVSS6.4AI score0.00852EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder