Lucene search
K

204 matches found

Nuclei
Nuclei
added 10 hours ago16 views

Gradio - Server-Side Request Forgery

A Server-Side Request Forgery SSRF vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the saveurltocache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP...

8.6CVSS7AI score0.37366EPSS
Exploits1References2
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-345 Gradio allows users to access arbitrary files

Impact This vulnerability allows users of Gradio applications that have a public link such as on Hugging Face Spaces to access files on the machine hosting the Gradio application. This involves intercepting and modifying the network requests made by the Gradio app to the server. Patches Yes, the...

9.2CVSS7AI score0.85393EPSS
Exploits2References7
ATTACKERKB
ATTACKERKB
added 2026/06/03 11:30 p.m.7 views

CVE-2026-10783

A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function saveaudiotocache of the component Audio Cache Key Handler. Performing a manipulation results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high...

2.5CVSS5.2AI score0.00106EPSS
Exploits1References7Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/27 5:34 p.m.8 views

doc-redaction (>=2.2.0 <=2.3.0), f5-tts (=1.1.20) +8 more potentially affected by CVE-2026-48545 via gradio (>=6.0.0 <=6.11.0)

gradio PYPI version =6.0.0, =2.2.0, =2.1.1, =0.0.1, =1.14.0, =2.10.0 Source cves: CVE-2026-48545 Source advisory: SNYK:PYTHON-GRADIO-16960000...

7.6CVSS5.7AI score0.0035EPSS
Exploits0
Snyk
Snyk
added 2026/05/27 5:34 p.m.12 views

Session Fixation

Overview gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Session Fixation via /proxy reverse proxy requests. A malicious HF Space can hijack user sessions and gain unauthorized access to other users'...

8CVSS5.8AI score0.0035EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 3:16 p.m.21 views

CVE-2026-48545

Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-level HTTP client used across all users in the reverse proxy endpoint. Attackers controlling any HF Space can return a...

7.6CVSS0.0035EPSS
Exploits0References5
CVE
CVE
added 2026/05/27 2:59 p.m.24 views

CVE-2026-48545

CVE-2026-48545 : Gradio before 6.15.0 is affected by a cookie injection vulnerability due to a shared module‑level HTTP client used by the reverse proxy endpoint. Attackers controlling any HF Space can return a parent‑domain cookie that the shared client stores and automatically replays into subs...

7.6CVSS5.9AI score0.0035EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2026/03/01 1:29 a.m.8 views

3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +1120 more potentially affected by CVE-2026-28415 via gradio (>=1.7.7 <=6.4.0)

gradio PYPI version =1.7.7, =0.2.2, =0.1.0, =0.3.0, =0.0.3, =0.1.5, =0.8.2.4, =0.2.1, =1.2.0, =0.1.0, =0.1.0, =0.1.0, =2.0.0, =3.3.9 and more Source cves: CVE-2026-28415 Source advisory: OSV:GHSA-PFJF-5GXR-995X...

4.7CVSS5.7AI score0.00232EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/01 1:28 a.m.9 views

3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +1120 more potentially affected by CVE-2026-28414 via gradio (>=1.7.7 <=6.4.0)

gradio PYPI version =1.7.7, =0.2.2, =0.1.0, =0.3.0, =0.0.3, =0.1.5, =0.8.2.4, =0.2.1, =1.2.0, =0.1.0, =0.1.0, =0.1.0, =2.0.0, =3.3.9 and more Source cves: CVE-2026-28414 Source advisory: OSV:GHSA-39MP-8HJ3-5C49...

7.5CVSS7.2AI score0.03095EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/01 1:0 a.m.10 views

3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +1039 more potentially affected by CVE-2026-27167 via gradio (>=4.16.0 <=6.4.0)

gradio PYPI version =4.16.0, =0.2.2, =0.1.0, =0.0.3, =0.1.5, =0.8.2.4, =0.2.1, =1.2.0, =0.1.0, =0.1.0, =0.1.0, =2.0.0, =0.1.4, =0.1.11 and more Source cves: CVE-2026-27167 Source advisory: OSV:GHSA-H3H8-3V2V-RG7M...

5.9CVSS5.7AI score0.00453EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/02/28 12:14 a.m.8 views

3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +696 more potentially affected by CVE-2026-28415 via gradio (>=6.0.0 <=6.4.0)

gradio PYPI version =6.0.0, =0.2.2, =0.1.0, =0.0.3, =0.1.5, =1.2.0, =0.1.0, =0.1.0, =0.1.0, =3.3.0, =0.1.4, =0.1.3, =0.1.0, =0.2.0 and more Source cves: CVE-2026-28415 Source advisory: SNYK:PYTHON-GRADIO-15366398...

4.7CVSS5.7AI score0.00232EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/02/28 12:14 a.m.6 views

3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +696 more potentially affected by CVE-2026-28416 via gradio (>=6.0.0 <=6.4.0)

gradio PYPI version =6.0.0, =0.2.2, =0.1.0, =0.0.3, =0.1.5, =1.2.0, =0.1.0, =0.1.0, =0.1.0, =3.3.0, =0.1.4, =0.1.3, =0.1.0, =0.2.0 and more Source cves: CVE-2026-28416 Source advisory: SNYK:PYTHON-GRADIO-15366414...

8.6CVSS5.7AI score0.00316EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/02/28 12:14 a.m.8 views

3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +696 more potentially affected by CVE-2026-28414 via gradio (>=6.0.0 <=6.4.0)

gradio PYPI version =6.0.0, =0.2.2, =0.1.0, =0.0.3, =0.1.5, =1.2.0, =0.1.0, =0.1.0, =0.1.0, =3.3.0, =0.1.4, =0.1.3, =0.1.0, =0.2.0 and more Source cves: CVE-2026-28414 Source advisory: SNYK:PYTHON-GRADIO-15366417...

7.5CVSS7.2AI score0.03095EPSS
Exploits1
Snyk
Snyk
added 2026/02/28 12:14 a.m.5 views

Use of Hard-coded Credentials

Overview gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Use of Hard-coded Credentials via the login/huggingface route, which retrieves the server's Hugging Face access token using the huggingfacehub.gettok...

8.2CVSS5.9AI score0.00453EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/02/28 12:14 a.m.6 views

3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +696 more potentially affected by CVE-2026-27167 via gradio (>=6.0.0 <=6.4.0)

gradio PYPI version =6.0.0, =0.2.2, =0.1.0, =0.0.3, =0.1.5, =1.2.0, =0.1.0, =0.1.0, =0.1.0, =3.3.0, =0.1.4, =0.1.3, =0.1.0, =0.2.0 and more Source cves: CVE-2026-27167 Source advisory: SNYK:PYTHON-GRADIO-15366402...

5.9CVSS5.7AI score0.00453EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/02/27 10:16 p.m.7 views

3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +1120 more potentially affected by CVE-2026-28415 via gradio (>=1.7.7 <=6.4.0)

gradio PYPI version =1.7.7, =0.2.2, =0.1.0, =0.3.0, =0.0.3, =0.1.5, =0.8.2.4, =0.2.1, =1.2.0, =0.1.0, =0.1.0, =0.1.0, =2.0.0, =3.3.9 and more Source cves: CVE-2026-28415 Source advisory: OSV:PYSEC-2026-65...

4.7CVSS5.7AI score0.00232EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/02/27 10:16 p.m.8 views

3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +1120 more potentially affected by CVE-2026-28416 via gradio (>=1.7.7 <=6.4.0)

gradio PYPI version =1.7.7, =0.2.2, =0.1.0, =0.3.0, =0.0.3, =0.1.5, =0.8.2.4, =0.2.1, =1.2.0, =0.1.0, =0.1.0, =0.1.0, =2.0.0, =3.3.9 and more Source cves: CVE-2026-28416 Source advisory: OSV:PYSEC-2026-66...

8.6CVSS5.7AI score0.00316EPSS
Exploits0
OSV
OSV
added 2026/02/27 10:16 p.m.9 views

PYSEC-2026-64

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Window with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ change...

7.5CVSS5.9AI score0.03095EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2026/02/27 10:16 p.m.8 views

3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +1120 more potentially affected by CVE-2026-28414 via gradio (>=1.7.7 <=6.4.0)

gradio PYPI version =1.7.7, =0.2.2, =0.1.0, =0.3.0, =0.0.3, =0.1.5, =0.8.2.4, =0.2.1, =1.2.0, =0.1.0, =0.1.0, =0.1.0, =2.0.0, =3.3.9 and more Source cves: CVE-2026-28414 Source advisory: OSV:PYSEC-2026-64...

7.5CVSS7.2AI score0.03095EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/02/27 10:16 p.m.9 views

3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +1039 more potentially affected by CVE-2026-27167 via gradio (>=4.16.0 <=6.4.0)

gradio PYPI version =4.16.0, =0.2.2, =0.1.0, =0.0.3, =0.1.5, =0.8.2.4, =0.2.1, =1.2.0, =0.1.0, =0.1.0, =0.1.0, =2.0.0, =0.1.4, =0.1.11 and more Source cves: CVE-2026-27167 Source advisory: OSV:PYSEC-2026-63...

5.9CVSS5.7AI score0.00453EPSS
Exploits1
Rows per page
Query Builder