CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1231 matches found

vulnersOsv•added 2025/10/29 9:30 p.m.•4 views

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +219 more potentially affected by CVE-2025-11201 via mlflow (>=0.8.2 <=2.22.2)

mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.0, =0.1.9, =0.0.1, =1.0.4, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =0.2.17rc1 and more Source cves: CVE-2025-11201 Source advisory: OSV:GHSA-5CVJ-7RG6-JGGJ...

9.8CVSS7.4AI score0.25044EPSS

Exploits0

EUVD•added 2025/10/29 9:30 p.m.•2 views

EUVD-2025-36707

MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability. The specific flaw...

8.1CVSS7.3AI score0.25044EPSS

Exploits0References3

OSV•added 2025/10/29 9:30 p.m.•2 views

GHSA-5CVJ-7RG6-JGGJ MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability

8.1CVSS7.9AI score0.25044EPSS

Exploits0References6

vulnersOsv•added 2025/10/29 8:43 p.m.•1 views

ai-24sea (>=0.1.0 <=1.0.0), api-python-bet-project (>=0.1.9 <=0.1.28) +80 more potentially affected by CVE-2025-11200 via mlflow (>=2.0.0rc0 <=2.22.0)

mlflow PYPI version =2.0.0rc0, =0.1.0, =0.1.9, =0.0.1, =1.0.4, =0.1.3, =1.2.0, =0.1.0, =0.0.10, =0.8.0, =0.0.10, =0.1.2370984012, =0.1.2578145135 and more Source cves: CVE-2025-11200 Source advisory: SNYK:PYTHON-MLFLOW-13774639...

9.8CVSS7.4AI score0.01365EPSS

Exploits0

Snyk•added 2025/10/29 8:43 p.m.•6 views

Weak Password Requirements

Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Weak Password Requirements due to allowing password strings shorte...

9.8CVSS8.3AI score0.01365EPSS

Exploits0References2

Snyk•added 2025/10/29 8:43 p.m.•4 views

Directory Traversal

Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Directory Traversal via improper validation of user-supplied paths...

9.8CVSS8.4AI score0.25044EPSS

Exploits0References2

OSV•added 2025/10/29 8:15 p.m.•2 views

CVE-2025-11201

9.8CVSS7.9AI score

Exploits0References2

NVD•added 2025/10/29 8:15 p.m.•8 views

CVE-2025-11200

MLflow Weak Password Requirements Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords...

9.8CVSS0.01365EPSS

Exploits0References2

NVD•added 2025/10/29 8:15 p.m.•3 views

CVE-2025-11201

9.8CVSS0.25044EPSS

Exploits0References2

OSV•added 2025/10/29 8:15 p.m.•3 views

CVE-2025-11200

9.8CVSS7.2AI score

Exploits0References2

Cvelist•added 2025/10/29 7:42 p.m.•8 views

CVE-2025-11200 MLflow Weak Password Requirements Authentication Bypass Vulnerability

8.1CVSS0.01365EPSS

Exploits0References2

CVE•added 2025/10/29 7:42 p.m.•21 views

CVE-2025-11200

CVE-2025-11200 corresponds to a MLflow weakness where weak password requirements allow remote authentication bypass. The connected IBM bulletin and OSV/NVD listings confirm the vulnerability in MLflow with a “Weak Password Requirements” description, citing ZDI-CAN-26916 as the related disclosure ...

9.8CVSS8.3AI score0.01365EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2025/10/29 7:42 p.m.•3 views

CVE-2025-11200 MLflow Weak Password Requirements Authentication Bypass Vulnerability

8.1CVSS6.8AI score0.01365EPSS

Exploits0References2

CVE•added 2025/10/29 7:37 p.m.•27 views

CVE-2025-11201

CVE-2025-11201 is a Directory Traversal leading to Remote Code Execution in MLflow Tracking Server. The flaw arises from improper validation of a user-supplied model file path, allowing an attacker to execute code with the service account via crafted paths over the network without authentication....

9.8CVSS8.3AI score0.25044EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2025/10/29 7:37 p.m.•2 views

CVE-2025-11201 MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability

8.1CVSS7.5AI score0.25044EPSS

Exploits0References2

Cvelist•added 2025/10/29 7:37 p.m.•8 views

CVE-2025-11201 MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability

8.1CVSS0.25044EPSS

Exploits0References2

CNNVD•added 2025/10/29 12:0 a.m.•3 views

MLflow 安全漏洞

MLflow is an open source platform from MLflow that simplifies machine learning development, including tracking experiments, packaging code into repeatable runs, and sharing and deploying models. MLflow suffers from a security vulnerability that stems from weak password requirements that could lea...

9.8CVSS8.1AI score0.01365EPSS

Exploits0References2

CNNVD•added 2025/10/29 12:0 a.m.•3 views

MLflow 路径遍历漏洞

MLflow is an open source platform from MLflow that simplifies machine learning development, including tracking experiments, packaging code into repeatable runs, and sharing and deploying models. MLflow suffers from a path traversal vulnerability that stems from improper handling of model file...

9.8CVSS8.3AI score0.25044EPSS

Exploits0References2