Lucene search
+L

6 matches found

OSV
OSV
added 2026/04/16 11:44 p.m.6 views

BIT-MLFLOW-2025-14279 DNS Rebinding Vulnerability in mlflow/mlflow

MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An...

8.1CVSS7.3AI score0.00193EPSS
Exploits1References3
NVD
NVD
added 2026/01/08 10:15 a.m.7 views

CVE-2026-21872

NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the click event listener used by ui.subpages, combined with attacker-controlled link rendering on the page, causes XSS when the user actively clicks on the link. This issue has been patched in versi...

6.1CVSS0.00238EPSS
Exploits1References2
NVD
NVD
added 2026/01/08 10:15 a.m.14 views

CVE-2026-21871

NiceGUI is a Python-based UI framework. From versions 2.13.0 to 3.4.1, there is a XSS risk in NiceGUI when developers pass attacker-controlled strings into ui.navigate.history.push or ui.navigate.history.replace. These helpers are documented as History API wrappers for updating the browser URL...

6.1CVSS0.00243EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/10/12 9:16 p.m.12 views

CVE-2025-61665

WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Broken Access Control vulnerability, identified in the getrelatoriossocios.php endpoint. This vulnerability allows unauthenticated attackers to directly access sensitive personal and...

8.7CVSS6.8AI score0.00446EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/10/03 8:57 p.m.14 views

CVE-2025-61603

WeGIA is a Web manager for charitable institutions. Versions 3.4.12 and below include an SQL Injection vulnerability which was identified in the /controle/control.php endpoint, specifically in the descricao parameter. This vulnerability allows attackers to execute arbitrary SQL commands,...

9.4CVSS8.2AI score0.00397EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/05/19 4:33 p.m.7 views

WordPress Cost Calculator Builder plugin <= 3.2.74 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Krugov Artyom in WordPress Plugin Cost Calculator Builder versions = 3.2.74...

5.9CVSS6AI score0.00183EPSS
Exploits0Affected Software1
Rows per page
Query Builder