Lucene search
+L

4 matches found

cve
cve
added 2026/05/21 3:49 a.m.30 views

CVE-2026-2734

Summary : For mlflow/mlflow up to version 3.9.0, the REST endpoint GET /api/2.0/mlflow/model-versions/search and the GraphQL query mlflowSearchModelVersions lack per-model authorization when basic auth is enabled. This results in any authenticated user being able to enumerate all model versions a...

6.5CVSS6.5AI score0.00441EPSS
Exploits1References2Affected Software1
osv
osv
added 2026/05/21 3:49 a.m.6 views

CVE-2026-2734 Authorization Bypass in SearchModelVersions in mlflow/mlflow

In mlflow/mlflow versions up to 3.9.0, the SearchModelVersions REST API endpoint and the mlflowSearchModelVersions GraphQL query lack proper per-model authorization checks when basic authentication is enabled. This allows any authenticated user to enumerate all model versions across all registere...

6.5CVSS6.5AI score0.00441EPSS
Exploits1References4
cnnvd
cnnvd
added 2026/02/27 12:0 a.m.11 views

Foreman 信息泄露漏洞

Foreman is a set of open-source tools developed by Foreman for lifecycle management in physical and virtual servers. This tool provides functions such as service activation, configuration management, and reporting status. Foreman has a vulnerability related to information leakage, which stems fro...

6.5CVSS5.8AI score0.00348EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2025/09/01 12:0 a.m.5 views

PT-2025-37109

Name of the Vulnerable Software and Affected Versions Foreman affected versions not specified Description An authorization issue exists in Foreman’s GraphQL API. Low-privileged users can access metadata that they should not be able to view. The GraphQL endpoint does not enforce access controls...

5CVSS5.9AI score0.00348EPSS
Exploits0References10
Rows per page
Query Builder