Lucene search
+L

208 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-1956

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.00618EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-1966

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.00618EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-18888

Malicious code in bioql PyPI...

5.8CVSS6.3AI score0.0037EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-6836

Malicious code in bioql PyPI...

7.5CVSS5.8AI score0.00517EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.15 views

EUVD-2024-1979

Malicious code in bioql PyPI...

5.4CVSS5.5AI score0.00442EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-6960

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00615EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-0156

Malicious code in bioql PyPI...

5.3CVSS5AI score0.00578EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-1934

Malicious code in bioql PyPI...

10CVSS9AI score0.02382EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2025/09/03 9:0 p.m.10 views

abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +693 more potentially affected by CVE-2025-10279 via mlflow (>=3.0.0rc2 <=3.4.0)

mlflow PYPI version =3.0.0rc2, =6.13.1, =9.273.1, =2.0.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =0.1.0, =1.0.0, =1.0.1 and more Source cves: CVE-2025-10279 Source advisory: SNYK:PYTHON-MLFLOW-15170849...

7CVSS7AI score0.00215EPSS
Exploits1
GithubExploit
GithubExploit
added 2025/08/22 12:54 p.m.372 views

Exploit for Deserialization of Untrusted Data in Lfprojects Mlflow

| / || |...

8.8CVSS8.6AI score0.00703EPSS
Exploits5
OSV
OSV
added 2025/08/06 5:45 a.m.6 views

BIT-MLFLOW-2025-1473 CSRF in mlflow/mlflow

A Cross-Site Request Forgery CSRF vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This vulnerability allows an attacker to create a new account, which may be used to perform unauthorized actions on behalf of the malicious user...

7.1CVSS5.2AI score0.00202EPSS
Exploits1References3
OSV
OSV
added 2025/08/06 5:45 a.m.25 views

BIT-MLFLOW-2024-8859 Path Traversal in mlflow/mlflow

A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary file read vulnerability. This issue occurs because only the path part of the URL is checked, while...

7.5CVSS7.3AI score0.02484EPSS
Exploits1References3
Veracode
Veracode
added 2025/06/25 6:29 a.m.7 views

Server Side Request Forgery (SSRF)

mlflow is vulnerable to missing input validation. The vulnerability is due to missing validation of the gatewaypath parameter in the gatewayproxyhandler function, allowing an attacker to manipulate the request path to access unintended internal endpoints or services...

5.8CVSS7AI score0.0037EPSS
Exploits0References7Affected Software1
Huntr
Huntr
added 2025/06/25 6:25 a.m.9 views

SSRF in MLflow via user-controlled gateway_path parameter

Description A Server-Side Request Forgery SSRF vulnerability exists in the gatewayproxyhandler function of MLflow. This function accepts a user-controlled gatewaypath parameter and concatenates it directly with a targeturi, allowing an attacker to control the full outbound HTTP request path from...

5.8CVSS7.1AI score0.0037EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/06/23 3:31 p.m.9 views

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +217 more potentially affected by CVE-2025-52967 via mlflow (>=0.8.2 <=2.22.0)

mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.0, =0.1.9, =0.0.1, =1.0.4, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =0.2.17rc1 and more Source cves: CVE-2025-52967 Source advisory: OSV:GHSA-WXJ7-3FX5-PP9M...

5.8CVSS7AI score0.0037EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/06/23 3:31 p.m.9 views

MLFlow SSRF via gateway_proxy_handler

gatewayproxyhandler in MLflow before 3.1.0 lacks gatewaypath validation...

5.8CVSS5.6AI score0.0037EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2025/06/23 3:31 p.m.4 views

GHSA-WXJ7-3FX5-PP9M MLFlow SSRF via gateway_proxy_handler

gatewayproxyhandler in MLflow before 3.1.0 lacks gatewaypath validation...

5.8CVSS7.1AI score0.0037EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/06/23 12:0 a.m.3 views

PT-2025-26607

Name of the Vulnerable Software and Affected Versions: MLflow versions prior to 3.1.0 Description: The issue is related to the gateway proxy handler in MLflow, which lacks gateway path validation. This could potentially lead to exploitation. Recommendations: For versions prior to 3.1.0, update to...

7.5CVSS6.4AI score0.0037EPSS
Exploits0References15
Cvelist
Cvelist
added 2025/06/23 12:0 a.m.9 views

CVE-2025-52967

gatewayproxyhandler in MLflow before 3.1.0 lacks gatewaypath validation...

5.8CVSS0.0037EPSS
Exploits0References3
OSV
OSV
added 2025/06/23 12:0 a.m.3 views

CVE-2025-52967

gatewayproxyhandler in MLflow before 3.1.0 lacks gatewaypath validation...

5.8CVSS7.1AI score0.0037EPSS
Exploits0References5
Rows per page
Query Builder