Lucene search
K

879 matches found

Nuclei
Nuclei
added yesterday110 views

Gradio Hugging Face - Local File Inclusion

Gradio LFI when auth is not enabled, affects versions 4.0 - 4.10, also works against Gradio 3.33 id: CVE-2023-51449 info: name: Gradio Hugging Face - Local File Inclusion author: nvn1729 severity: high description: | Gradio LFI when auth is not enabled, affects versions 4.0 - 4.10, also works...

7.5CVSS7AI score0.0228EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday61 views

Gradio - Open Redirect

Gradio allows an open redirect bypass via URL encoding, enabling attackers to redirect users to malicious sites. This can lead to phishing attacks and loss of trust in the application. id: CVE-2024-8021 info: name: Gradio - Open Redirect author: DhiyaneshDK severity: medium description: | Gradio...

6.1CVSS6.2AI score0.00723EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday64 views

Gradio - Server Side Request Forgery

An SSRF Server-Side Request Forgery vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the...

6.5CVSS6.7AI score0.01784EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday52 views

Gradio - Open Redirect

An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting XSS, Server-Side Request Forgery SSRF, amongst others. This...

6.1CVSS6.3AI score0.01021EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday109 views

Gradio 4.3-4.12 - Local File Read

Local file read by calling arbitrary methods of Components class between Gradio versions 4.3-4.12 id: CVE-2024-1561 info: name: Gradio 4.3-4.12 - Local File Read author: nvn1729,Diablo severity: high description: | Local file read by calling arbitrary methods of Components class between Gradio...

7.5CVSS7AI score0.09239EPSS
Exploits4References6
Nuclei
Nuclei
added yesterday16 views

Gradio - Server-Side Request Forgery

A Server-Side Request Forgery SSRF vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the saveurltocache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP...

8.6CVSS7AI score0.37366EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday72 views

Gradio - Absolute Path Traversal

Gradio 6.7 on Windows with Python 3.13+ contains an absolute path traversal caused by incorrect path validation in path joining logic, letting unauthenticated attackers read arbitrary files from the server. id: CVE-2026-28414 info: name: Gradio - Absolute Path Traversal author: 0xAkoko severity:...

7.5CVSS7.1AI score0.03095EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday100 views

Gradio < 2.5.0 - Arbitrary File Read

Files on the host computer can be accessed from the Gradio interface id: CVE-2021-43831 info: name: Gradio 2.5.0 - Arbitrary File Read author: isacaya severity: high description: | Files on the host computer can be accessed from the Gradio interface impact: | An attacker would be able to view the...

7.7CVSS7AI score0.03794EPSS
Exploits1References2
NVD
NVD
added 6 days ago7 views

CVE-2026-59806

Gradio before 6.20.0 contains an open redirect and server-side request forgery vulnerability that allows attackers to redirect users to arbitrary URLs or perform client-side SSRF by supplying unvalidated HTTP/HTTPS URLs to the filefetch function in the /gradioapi/file= endpoint. Attackers can cra...

7.4CVSS0.00247EPSS
Exploits0References5
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-59806 Gradio < 6.20.0 - Open Redirect and SSRF via /gradio_api/file= endpoint

Gradio before 6.20.0 contains an open redirect and server-side request forgery vulnerability that allows attackers to redirect users to arbitrary URLs or perform client-side SSRF by supplying unvalidated HTTP/HTTPS URLs to the filefetch function in the /gradioapi/file= endpoint. Attackers can cra...

7.4CVSS0.00247EPSS
Exploits0References5
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42376

Gradio before 6.20.0 contains an open redirect and server-side request forgery vulnerability that allows attackers to redirect users to arbitrary URLs or perform client-side SSRF by supplying unvalidated HTTP/HTTPS URLs to the filefetch function in the /gradioapi/file= endpoint. Attackers can cra...

7.4CVSS6AI score0.00247EPSS
Exploits0References5
CVE
CVE
added 6 days ago8 views

CVE-2026-59806

Gradio before 6.20.0 is affected by an open redirect and server-side request forgery via the /gradio_api/file= endpoint, allowing an attacker to redirect users to arbitrary URLs or perform client-side SSRF by supplying unvalidated HTTP/HTTPS URLs to file_fetch(). Attackers could craft a malicious...

7.4CVSS6AI score0.00247EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56568

Name of the Vulnerable Software and Affected Versions Gradio versions prior to 6.20.0 Description An open redirect and server-side request forgery SSRF issue exists where attackers can redirect users to arbitrary URLs or perform client-side SSRF. This occurs when unvalidated HTTP/HTTPS URLs are...

7.4CVSS6.2AI score0.00247EPSS
Exploits0References8
Nuclei
Nuclei
added last week400 views

Gradio > 4.19.1 UploadButton - Path Traversal

gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. id: CVE-2024-1728 info: name: Gradio 4.19.1 UploadButton - Path Traversal author: isacaya severity: high description: | gradio-app/gradio is...

7.5CVSS7AI score0.85393EPSS
Exploits2References3
NVD
NVD
added 2026/07/01 7:16 p.m.6 views

CVE-2026-49119

Gradio before 6.16.0 contain a path traversal vulnerability in the FileExplorer component's preprocess method that allows unauthenticated attackers to escape the configured root directory by supplying path segments containing directory traversal sequences or absolute paths. Attackers can provide...

8.7CVSS0.0069EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/01 6:30 p.m.8 views

CVE-2026-49119

Gradio before 6.16.0 contain a path traversal vulnerability in the FileExplorer component's preprocess method that allows unauthenticated attackers to escape the configured root directory by supplying path segments containing directory traversal sequences or absolute paths. Attackers can provide...

8.7CVSS5.9AI score0.0069EPSS
Exploits0References5
CVE
CVE
added 2026/07/01 6:30 p.m.18 views

CVE-2026-49119

Gradio

8.7CVSS5.9AI score0.0069EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/07/01 6:30 p.m.33 views

CVE-2026-49119 Gradio < 6.16.0 Path Traversal via FileExplorer.preprocess()

Gradio before 6.16.0 contain a path traversal vulnerability in the FileExplorer component's preprocess method that allows unauthenticated attackers to escape the configured root directory by supplying path segments containing directory traversal sequences or absolute paths. Attackers can provide...

8.7CVSS0.0069EPSS
Exploits0References4
OSV
OSV
added 2026/07/01 6:30 p.m.4 views

CVE-2026-49119 Gradio < 6.16.0 Path Traversal via FileExplorer.preprocess()

Gradio before 6.16.0 contain a path traversal vulnerability in the FileExplorer component's preprocess method that allows unauthenticated attackers to escape the configured root directory by supplying path segments containing directory traversal sequences or absolute paths. Attackers can provide...

8.7CVSS6.1AI score0.0069EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.14 views

PT-2026-54771

Name of the Vulnerable Software and Affected Versions Gradio versions prior to 6.16.0 Description A path traversal issue exists in the preprocess function of the FileExplorer component. Unauthenticated attackers can escape the configured root directory by providing path segments that include...

8.7CVSS6.1AI score0.0069EPSS
Exploits0References7
Rows per page
Query Builder