29 matches found
CVE-2026-7712 MindsDB Pickle pickle.loads deserialization
A security vulnerability has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation leads to deserialization. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vend...
PYSEC-2026-91
A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clearfilename of the file mindsdb/utilities/security.py of the component File Upload. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The...
MindsDB 安全漏洞
MindsDB is a joint query engine designed by MindsDB Corporation, specifically for AI agents and large language models. It can handle questions related to PB-level enterprise data. MindsDB versions 25.14.1 and earlier contained a security vulnerability. This vulnerability stemmed from incorrect...
CVE-2022-23522
MindsDB is an open source machine learning platform. An unsafe extraction is being performed using shutil.unpackarchive from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a TarSlip or a ZipSlip...
EUVD-2023-0148
Malicious code in bioql PyPI...
EUVD-2023-0147
Malicious code in bioql PyPI...
EUVD-2024-2774
Malicious code in bioql PyPI...
EUVD-2024-0108
Malicious code in bioql PyPI...
EUVD-2023-0149
Malicious code in bioql PyPI...
EUVD-2024-0106
Malicious code in bioql PyPI...
EUVD-2024-0109
Malicious code in bioql PyPI...
EUVD-2024-0105
Malicious code in bioql PyPI...
CVE-2023-30620
mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions an unsafe extraction is being performed using tarfile.extractall from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. Sometimes, the...
CVE-2024-45853
Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when used for a prediction...
CVE-2024-45850
An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for site column creation. If such a...
CVE-2024-45849
An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list creation. If such a query i...
CVE-2024-45847
An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the specified integration...
CVE-2024-24759
MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contai...
Deserialization Of Untrusted Data
MindsDB is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused due to improper handling of pickle objects in the predict method of ModelWrapperUnsafe class within byomhandler.py, allowing execution of arbitrary code when deserializing a malicious pickle object...
Deserialization Of Untrusted Data
MindsDB is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused due to improper handling of data with pickle.loads in the describe method within byomhandler.py, allowing arbitrary code execution via a malicious 'inhouse' model...