
7 matches found

CNVD
added 2025/10/21 12:00 a.m., 4 views

ZenML Input Validation Error Vulnerability

ZenML is an extensible open source MLOps framework from ZenML Open Source for creating portable, production-ready machine learning pipelines. An input validation error vulnerability exists in ZenML version 0.83.1, which stems from the failure of the PathMaterializer class to effectively detect...

CVSS 7.8 | AI score 7.4 | EPSS 0.0004
Exploits: 1 | References: 1
OSV
added 2025/10/05 9:30 a.m., 1 view

GHSA-Q92X-2X5G-H365 ZenML is vulnerable to Path Traversal through its `PathMaterializer` class

ZenML version 0.83.1 is affected by a path traversal vulnerability in the PathMaterializer class. The load function uses is_path_within_directory to validate files during data.tar.gz extraction, which fails to effectively detect symbolic and hard links. This vulnerability can lead to arbitrary file...

CVSS 6.3 | AI score 6.8 | EPSS 0.0004
Exploits: 1 | References: 4
NVD
added 2025/10/05 9:15 a.m., 3 views

CVE-2025-8406

ZenML version 0.83.1 is affected by a path traversal vulnerability in the PathMaterializer class. The load function uses is_path_within_directory to validate files during data.tar.gz extraction, which fails to effectively detect symbolic and hard links. This vulnerability can lead to arbitrary file...

CVSS 7.8 | EPSS 0.0004
Exploits: 1 | References: 2
Vulnrichment
added 2025/10/05 9:00 a.m., 3 views

CVE-2025-8406 Path Traversal in zenml-io/zenml

ZenML version 0.83.1 is affected by a path traversal vulnerability in the PathMaterializer class. The load function uses is_path_within_directory to validate files during data.tar.gz extraction, which fails to effectively detect symbolic and hard links. This vulnerability can lead to arbitrary file...

CVSS 6.3 | AI score 6.9 | EPSS 0.0004
Exploits: 1 | References: 2
CVE
added 2025/10/05 9:00 a.m., 8 views

CVE-2025-8406

ZenML 0.83.1 is affected by a path traversal flaw in PathMaterializer during data.tar.gz extraction; is_path_within_directory fails to catch symbolic/hard links, enabling arbitrary file writes and potential command execution if critical files are overwritten. Remediation present in connected docs...

CVSS 7.8 | AI score 6.8 | EPSS 0.0004
Exploits: 1 | References: 2 | Affected Software: 1
CNNVD
added 2025/10/05 12:00 a.m., 1 view

ZenML Security Vulnerability

ZenML is an extensible open source MLOps framework from ZenML Open Source for creating portable, production-ready machine learning pipelines. An input validation error vulnerability exists in ZenML version 0.83.1, which stems from the failure of the PathMaterializer class to effectively detect...

CVSS 7.8 | AI score 7.2 | EPSS 0.0004
Exploits: 1 | References: 2
Positive Technologies
added 2025/10/05 12:00 a.m., 2 views

PT-2025-40803

Name of the Vulnerable Software and Affected Versions: ZenML version 0.83.1. Description: The software contains a path traversal issue in the PathMaterializer class. The load function uses is_path_within_directory to validate files during data.tar.gz extraction, which does not properly detect symbol...

CVSS 6.3 | AI score 6.8 | EPSS 0.0004
Exploits: 1 | References: 5