203 matches found
Gradio - Server-Side Request Forgery
A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the saveurltocache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP...
CVE-2026-10783
A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function saveaudiotocache of the component Audio Cache Key Handler. Performing a manipulation results in the use of a weak hash. The attack must be initiated from a local position. The attack is considered to have high...
doc-redaction (>=2.2.0 <=2.3.0), f5-tts (=1.1.20) +8 more potentially affected by CVE-2026-48545 via gradio (>=6.0.0 <=6.11.0)
gradio PYPI version =6.0.0, =2.2.0, =2.1.1, =0.0.1, =1.14.0, =2.9.0 Source cves: CVE-2026-48545 Source advisory: SNYK:PYTHON-GRADIO-16960000...
Session Fixation
Overview gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Session Fixation via /proxy reverse proxy requests. A malicious HF Space can hijack user sessions and gain unauthorized access to other users'...
CVE-2026-48545
Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-level HTTP client used across all users in the reverse proxy endpoint. Attackers controlling any HF Space can return a...
CVE-2026-48545
CVE-2026-48545 : Gradio before 6.15.0 is affected by a cookie injection vulnerability due to a shared module‑level HTTP client used by the reverse proxy endpoint. Attackers controlling any HF Space can return a parent‑domain cookie that the shared client stores and automatically replays into subs...
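The Session Fixation and CVE-2026-48545 entries above describe the same defect class: one cookie-aware HTTP client shared by every user of a reverse-proxy endpoint, so a cookie set by one upstream (an attacker's Space, scoped to the parent domain all Spaces share) is replayed into every later user's proxied request. The following is an added example using only the Python standard library's cookie jar; it is not gradio's code and does not reproduce its proxy. The hostnames, the `.hf.space` parent domain and the cookie value are constructed for illustration.

```python
"""Shared cookie jar across tenants: the cookie-injection / session-fixation
pattern, and two ways to close it. Stdlib only; no network access."""
import email.message
import http.cookiejar
import urllib.request


class FakeUpstreamResponse:
    """Minimal stand-in for an HTTP response; CookieJar only needs .info()."""

    def __init__(self, set_cookie_headers):
        self._headers = email.message.Message()
        for value in set_cookie_headers:
            self._headers["Set-Cookie"] = value  # Message appends, so repeats are kept

    def info(self):
        return self._headers


def proxied_request(jar, url, upstream_set_cookie=()):
    """Simulate one reverse-proxied request made with cookie jar `jar`.

    Returns the Cookie header the client would have sent upstream (None if
    none), then stores whatever Set-Cookie the upstream returned into `jar`,
    which is exactly what a cookie-aware HTTP client does on every response.
    """
    req = urllib.request.Request(url)
    jar.add_cookie_header(req)                 # replay stored cookies for this host
    sent = req.get_header("Cookie")
    jar.extract_cookies(FakeUpstreamResponse(upstream_set_cookie), req)
    return sent


# Constructed scenario (assumed hostnames): an attacker-controlled Space answers
# a proxied request with a cookie scoped to the parent domain shared by every Space.
ATTACKER_SPACE = "https://attacker-space.hf.space/"
VICTIM_SPACE = "https://victim-space.hf.space/proxy/file"
POISON = "session=attacker-controlled; Domain=.hf.space; Path=/"


def shared_client_scenario():
    """Vulnerable pattern: one module-level jar reused for every user."""
    shared_jar = http.cookiejar.CookieJar()
    proxied_request(shared_jar, ATTACKER_SPACE, [POISON])   # attacker's Space plants the cookie
    return proxied_request(shared_jar, VICTIM_SPACE)         # another user's request replays it


def per_request_client_scenario():
    """Fix 1: a fresh jar (client) per request, so nothing persists between users."""
    proxied_request(http.cookiejar.CookieJar(), ATTACKER_SPACE, [POISON])
    return proxied_request(http.cookiejar.CookieJar(), VICTIM_SPACE)


def no_cookie_policy_scenario():
    """Fix 2: keep a shared client but refuse to store any cookie at all.
    An empty allowed_domains list makes the policy reject every Set-Cookie."""
    policy = http.cookiejar.DefaultCookiePolicy(allowed_domains=[])
    shared_jar = http.cookiejar.CookieJar(policy=policy)
    proxied_request(shared_jar, ATTACKER_SPACE, [POISON])
    return proxied_request(shared_jar, VICTIM_SPACE)


if __name__ == "__main__":
    print("shared client sends:     ", shared_client_scenario())       # session=attacker-controlled
    print("per-request client sends:", per_request_client_scenario())  # None
    print("no-cookie policy sends:  ", no_cookie_policy_scenario())    # None
```

The jar accepts the `Domain=.hf.space` cookie because the attacker's host is under that domain, and then returns it for any other host under it; that is standard cookie semantics, so the only robust fixes are to stop sharing client state between users or to stop storing cookies in the proxy client altogether. Which of the two gradio chose in 6.15.0 is not stated on this page.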
3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +1117 more potentially affected by CVE-2026-28415 via gradio (>=1.7.7 <=6.4.0)
gradio PYPI version =1.7.7, =0.2.2, =0.1.0, =0.2.5, =0.3.0, =0.0.3, =0.1.5, =0.8.2.4, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =2.0.0, =3.3.9 and more Source cves: CVE-2026-28415 Source advisory: OSV:GHSA-PFJF-5GXR-995X...
3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +1117 more potentially affected by CVE-2026-28414 via gradio (>=1.7.7 <=6.4.0)
gradio PYPI version =1.7.7, =0.2.2, =0.1.0, =0.2.5, =0.3.0, =0.0.3, =0.1.5, =0.8.2.4, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =2.0.0, =3.3.9 and more Source cves: CVE-2026-28414 Source advisory: OSV:GHSA-39MP-8HJ3-5C49...
3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +1035 more potentially affected by CVE-2026-27167 via gradio (>=4.16.0 <=6.4.0)
gradio PYPI version =4.16.0, =0.2.2, =0.1.0, =0.2.5, =0.0.3, =0.1.5, =0.8.2.4, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =2.0.0, =0.1.4, =0.1.11 and more Source cves: CVE-2026-27167 Source advisory: OSV:GHSA-H3H8-3V2V-RG7M...
3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +692 more potentially affected by CVE-2026-28415 via gradio (>=6.0.0 <=6.4.0)
gradio PYPI version =6.0.0, =0.2.2, =0.1.0, =0.2.5, =0.0.3, =0.1.5, =0.1.0, =0.1.0, =0.1.0, =3.3.0, =0.1.4, =0.1.3, =0.1.0, =0.2.0 and more Source cves: CVE-2026-28415 Source advisory: SNYK:PYTHON-GRADIO-15366398...
3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +692 more potentially affected by CVE-2026-28416 via gradio (>=6.0.0 <=6.4.0)
gradio PYPI version =6.0.0, =0.2.2, =0.1.0, =0.2.5, =0.0.3, =0.1.5, =0.1.0, =0.1.0, =0.1.0, =3.3.0, =0.1.4, =0.1.3, =0.1.0, =0.2.0 and more Source cves: CVE-2026-28416 Source advisory: SNYK:PYTHON-GRADIO-15366414...
3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +692 more potentially affected by CVE-2026-28414 via gradio (>=6.0.0 <=6.4.0)
gradio PYPI version =6.0.0, =0.2.2, =0.1.0, =0.2.5, =0.0.3, =0.1.5, =0.1.0, =0.1.0, =0.1.0, =3.3.0, =0.1.4, =0.1.3, =0.1.0, =0.2.0 and more Source cves: CVE-2026-28414 Source advisory: SNYK:PYTHON-GRADIO-15366417...
3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +692 more potentially affected by CVE-2026-27167 via gradio (>=6.0.0 <=6.4.0)
gradio PYPI version =6.0.0, =0.2.2, =0.1.0, =0.2.5, =0.0.3, =0.1.5, =0.1.0, =0.1.0, =0.1.0, =3.3.0, =0.1.4, =0.1.3, =0.1.0, =0.2.0 and more Source cves: CVE-2026-27167 Source advisory: SNYK:PYTHON-GRADIO-15366402...
Use of Hard-coded Credentials
Overview gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Use of Hard-coded Credentials via the login/huggingface route, which retrieves the server's Hugging Face access token using the huggingfacehub.gettok...
3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +1117 more potentially affected by CVE-2026-28415 via gradio (>=1.7.7 <=6.4.0)
gradio PYPI version =1.7.7, =0.2.2, =0.1.0, =0.2.5, =0.3.0, =0.0.3, =0.1.5, =0.8.2.4, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =2.0.0, =3.3.9 and more Source cves: CVE-2026-28415 Source advisory: OSV:PYSEC-2026-65...
3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +1117 more potentially affected by CVE-2026-28416 via gradio (>=1.7.7 <=6.4.0)
gradio PYPI version =1.7.7, =0.2.2, =0.1.0, =0.2.5, =0.3.0, =0.0.3, =0.1.5, =0.8.2.4, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =2.0.0, =3.3.9 and more Source cves: CVE-2026-28416 Source advisory: OSV:PYSEC-2026-66...
3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +1117 more potentially affected by CVE-2026-28414 via gradio (>=1.7.7 <=6.4.0)
gradio PYPI version =1.7.7, =0.2.2, =0.1.0, =0.2.5, =0.3.0, =0.0.3, =0.1.5, =0.8.2.4, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =2.0.0, =3.3.9 and more Source cves: CVE-2026-28414 Source advisory: OSV:PYSEC-2026-64...
PYSEC-2026-64
Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Windows with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ change...
3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +1035 more potentially affected by CVE-2026-27167 via gradio (>=4.16.0 <=6.4.0)
gradio PYPI version =4.16.0, =0.2.2, =0.1.0, =0.2.5, =0.0.3, =0.1.5, =0.8.2.4, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =2.0.0, =0.1.4, =0.1.11 and more Source cves: CVE-2026-27167 Source advisory: OSV:PYSEC-2026-63...
CVE-2026-28416
Gradio prior to v6.6.0 is affected by an SSRF in gr.load() via a malicious Space that causes the config-provided proxy_url to be trusted and added to the allowlist. An attacker can trigger arbitrary HTTP requests from the victim’s server to internal services, cloud metadata endpoints, and private...
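Two SSRF entries on this page share a root cause: a URL the server will fetch (the user-supplied path in the /queue/join cache case, the `proxy_url` taken from a Space's config in the `gr.load()` case) is accepted on the word of the party that supplied it. The following is an added example of the outbound-URL check a practitioner would want in front of such a fetch; it is not gradio's code and the `hf.space` allowlist, the hostnames and the resolved addresses are constructed. It covers the allowlisted case (a proxy target must be a name under an expected parent domain) and the open-fetcher case (any public URL is legitimate, but loopback, private, link-local including the cloud metadata address, and IPv4-mapped literals are not), plus the connect-time check on resolved addresses that a static URL filter alone cannot provide.

```python
"""Outbound-URL validation against SSRF: static filter on the URL, then a
check on the addresses the name resolved to. Stdlib only; runs offline."""
import ipaddress
from urllib.parse import urlsplit

# Assumed allowlist: proxy targets are only ever Space endpoints under these
# parent domains. Matching is on whole labels, so "hf.space.attacker.example"
# does not qualify.
ALLOWED_PARENT_DOMAINS = ("hf.space",)


def _is_public(ip):
    """Globally routable unicast only: excludes loopback, RFC 1918, link-local
    (169.254.169.254 metadata), CGNAT, reserved and multicast ranges."""
    return ip.is_global and not ip.is_multicast


def is_safe_outbound_url(url, allowed_parents=None):
    """Static check on a URL the server is about to fetch.

    allowed_parents=None  -> open fetcher: any hostname passes here (it is
                             re-checked after resolution), literal IPs must be public.
    allowed_parents=(...) -> the host must be a name under one of the parents;
                             literal IPs are refused because an allowlisted
                             service is reached by name, never by address.
    Userinfo is refused outright so 'https://ok.hf.space@evil.example/' cannot
    fool a naive prefix match.
    """
    try:
        parts = urlsplit(url)
    except ValueError:                      # e.g. malformed IPv6 brackets
        return False
    if parts.scheme not in ("http", "https"):
        return False
    host = parts.hostname                   # lower-cased, brackets stripped
    if not host or parts.username is not None or parts.password is not None:
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        if allowed_parents is not None:
            return False
        return _is_public(ip)
    host = host.rstrip(".")
    if allowed_parents is None:
        return True
    return any(host == p or host.endswith("." + p) for p in allowed_parents)


def resolved_addresses_ok(addresses):
    """Connect-time check for a hostname that passed the static filter: every
    address it resolved to must be public, so a name that maps to both a public
    address and 169.254.169.254 (rebinding, split answers) is rejected. The
    addresses are passed in so this runs offline; a real client feeds it the
    socket.getaddrinfo() result and then connects only to a vetted address."""
    if not addresses:
        return False
    return all(_is_public(ipaddress.ip_address(a)) for a in addresses)


if __name__ == "__main__":
    # Constructed cases: proxy_url candidates from a Space config, then cache-from-URL inputs.
    for url in ("https://user-space.hf.space/run", "https://hf.space.attacker.example/",
                "https://user-space.hf.space@evil.example/", "http://169.254.169.254/latest/meta-data/"):
        print(f"proxy target {url!r:48} -> {is_safe_outbound_url(url, ALLOWED_PARENT_DOMAINS)}")
    for url in ("https://example.com/", "http://127.0.0.1:7860/", "http://[::ffff:127.0.0.1]/", "file:///etc/passwd"):
        print(f"fetch target {url!r:48} -> {is_safe_outbound_url(url)}")
    print("resolved", ["93.184.216.34", "169.254.169.254"], "->",
          resolved_addresses_ok(["93.184.216.34", "169.254.169.254"]))
```

Note what the static filter cannot do: a hostname that passes it may still resolve to an internal address, and redirects from a vetted host may point anywhere, so the resolved-address check has to run for every hop of the request, with redirects either disabled or re-validated.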