9 matches found
CVE-2025-55796
The openml/openml.org web application version v2.0.20241110 uses predictable MD5-based tokens for critical user workflows such as signup confirmation, password resets, email confirmation resends, and email change confirmation. These tokens are generated by hashing the current timestamp formatted ...
OpenML Frontend Security Vulnerability
OpenML Frontend is the open-source front-end web page of OpenML. A security vulnerability exists in OpenML Frontend version v2.0.20241110, which stems from the use of predictable MD5-based tokens that could lead to account takeover...
CVE-2025-55796
OpenML Frontend (openml.org) web app version v2.0.20241110 is affected by a token-generation flaw. Tokens used for signup confirmation, password resets, email confirmations/resends, and email changes are MD5-based and generated from the current timestamp (format "%d %H:%M:%S") without user-specif...
CVE-2025-55796
The openml/openml.org web application version v2.0.20241110 uses predictable MD5-based tokens for critical user workflows such as signup confirmation, password resets, email confirmation resends, and email change confirmation. These tokens are generated by hashing the current timestamp formatted ...
CVE-2025-55795
The openml/openml.org web application version v2.0.20241110 uses incremental user IDs and insufficient email ownership verification during email update workflows. An authenticated attacker controlling a user account with a lower user ID can update their email address to that of another user with ...
OpenML Frontend Security Vulnerability
OpenML Frontend is the open-source front-end web page of OpenML. A security vulnerability exists in OpenML Frontend version v2.0.20241110, which stems from insufficient validation of incremental user IDs and email ownership, and could lead to an attacker locking out a victim's account via an...
CVE-2025-55795
The openml/openml.org web application version v2.0.20241110 uses incremental user IDs and insufficient email ownership verification during email update workflows. An authenticated attacker controlling a user account with a lower user ID can update their email address to that of another user with ...
CVE-2025-55795
OpenML OpenML.org web app v2.0.20241110 is affected by CVE-2025-55795 due to incremental user IDs and insufficient email ownership verification during email updates. An authenticated attacker with a lower user ID can reassign their email to a higher-ID user, causing the victim to be locked out an...
ai.h2o:sparkling-water-api-generation_2.11 (>=3.34.0.3-1-2.2 <=3.46.0.6-1-2.4), ai.h2o:sparkling-water-api-generation_2.12 (>=3.34.0.3-1-3.0 <=3.46.0.6-1-3.5) +9 more potentially affected by CVE-2024-10572 via ai.h2o:h2o-ext-xgboost (>=3.34.0.1 <=3.46.0.6)
ai.h2o:h2o-ext-xgboost MAVEN version =3.34.0.1, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.34.0.1-1-2.2, =3.34.0.1-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =3.34.0.3-1-2.2, =3.34.0.3-1-3.0, =2.0.0, =2.1.1 Source cves: CVE-2024-10572 Source advisory:...