Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1231 matches found

OSV
OSVadded 2024/06/04 12:15 p.m.1 views

CVE-2024-37054

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS6AI score0.00697EPSS
Exploits5References1
NVD
NVDadded 2024/06/04 12:15 p.m.25 views

CVE-2024-37054

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00697EPSS
Exploits5References1
NVD
NVDadded 2024/06/04 12:15 p.m.13 views

CVE-2024-37055

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.0 or newer, enabling a maliciously uploaded pmdarima model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00618EPSS
Exploits1References1
NVD
NVDadded 2024/06/04 12:15 p.m.16 views

CVE-2024-37056

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00618EPSS
Exploits1References1
NVD
NVDadded 2024/06/04 12:15 p.m.14 views

CVE-2024-37057

Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0rc0 or newer, enabling a maliciously uploaded Tensorflow model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00618EPSS
Exploits1References1
Wolfi
Wolfiadded 2024/06/04 12:15 p.m.31 views

CVE-2024-37052 vulnerabilities

Vulnerabilities for packages: mlflow...

8.8CVSS7.2AI score0.00623EPSS
Exploits1
Wolfi
Wolfiadded 2024/06/04 12:15 p.m.19 views

CVE-2024-37053 vulnerabilities

Vulnerabilities for packages: mlflow...

8.8CVSS7.2AI score0.00618EPSS
Exploits1
OSV
OSVadded 2024/06/04 12:15 p.m.2 views

CVE-2024-37053

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS6AI score0.00618EPSS
Exploits1References1
OSV
OSVadded 2024/06/04 12:15 p.m.2 views

CVE-2024-37052

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS6AI score0.00623EPSS
Exploits1References1
NVD
NVDadded 2024/06/04 12:15 p.m.16 views

CVE-2024-37053

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00618EPSS
Exploits1References1
NVD
NVDadded 2024/06/04 12:15 p.m.16 views

CVE-2024-37052

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00623EPSS
Exploits1References1
Cvelist
Cvelistadded 2024/06/04 12:2 p.m.19 views

CVE-2024-37061

Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run...

8.8CVSS9.1AI score0.00884EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2024/06/04 12:2 p.m.20 views

CVE-2024-37061

Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run...

8.8CVSS9.1AI score0.00884EPSS
Exploits1References1
Cvelist
Cvelistadded 2024/06/04 12:2 p.m.26 views

CVE-2024-37060

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system when run...

8.8CVSS8.9AI score0.00769EPSS
Exploits1References1
Cvelist
Cvelistadded 2024/06/04 12:1 p.m.20 views

CVE-2024-37059

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00618EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2024/06/04 12:1 p.m.18 views

CVE-2024-37058

Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.5.0 or newer, enabling a maliciously uploaded Langchain AgentExecutor model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00618EPSS
Exploits1References1
Cvelist
Cvelistadded 2024/06/04 12:1 p.m.20 views

CVE-2024-37058

Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.5.0 or newer, enabling a maliciously uploaded Langchain AgentExecutor model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00618EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2024/06/04 12:1 p.m.12 views

CVE-2024-37057

Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0rc0 or newer, enabling a maliciously uploaded Tensorflow model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS7.2AI score0.00618EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2024/06/04 12:1 p.m.23 views

CVE-2024-37056

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00618EPSS
Exploits1References1
Cvelist
Cvelistadded 2024/06/04 12:1 p.m.20 views

CVE-2024-37056

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.8AI score0.00618EPSS
Exploits1References1
Rows per page
Query Builder