109 matches found
CVE-2026-4362
The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the LiveAction::reset function in all versions up to, and including, 3.8.2 The function is hooked to the WordPress init action and triggers when both post...
WordPress plugin ElementsKit Elementor Addons 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
BIT-MLFLOW-2025-15379 Command Injection in mlflow/mlflow
A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the installmodeldependenciestoenv function. When deploying a model with envmanager=LOCAL, MLflow reads dependency specifications from the model artifact's pythonenv.yaml file and...
GHSA-R23Q-823P-VMF7 MLflow Command Injection vulnerability
A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the installmodeldependenciestoenv function. When deploying a model with envmanager=LOCAL, MLflow reads dependency specifications from the model artifact's pythonenv.yaml file and...
CVE-2025-15379
A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the installmodeldependenciestoenv function. When deploying a model with envmanager=LOCAL, MLflow reads dependency specifications from the model artifact's pythonenv.yaml file and...
CVE-2025-15379 Command Injection in mlflow/mlflow
A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the installmodeldependenciestoenv function. When deploying a model with envmanager=LOCAL, MLflow reads dependency specifications from the model artifact's pythonenv.yaml file and...
CVE-2025-15379
Summary: CVE-2025-15379 affects MLflow (model serving container initialization). In the function _install_model_dependencies_to_env(), when deploying with env_manager=LOCAL, dependency specs from the model artifact's python_env.yaml are interpolated into a shell command without sanitization, enab...
PT-2026-28801
Name of the Vulnerable Software and Affected Versions MLflow versions 3.8.0 through 3.8.1 Description A command injection issue exists in MLflow’s model serving container initialization code, specifically within the install model dependencies to env function. When deploying a model with env...
SUSE CVE-2026-21883
Bokeh is an interactive visualization library written in Python. In versions 3.8.1 and below, if a server is configured with an allowlist e.g., dashboard.corp, an attacker can register a domain like dashboard.corp.attacker.com or use a subdomain if applicable and lure a victim to visit it. The...
CVE-2026-21883
Bokeh is an interactive visualization library written in Python. In versions 3.8.1 and below, if a server is configured with an allowlist e.g., dashboard.corp, an attacker can register a domain like dashboard.corp.attacker.com or use a subdomain if applicable and lure a victim to visit it. The...
GHSA-793V-589G-574V Bokeh server applications have Incomplete Origin Validation in WebSockets
This vulnerability allows for Cross-Site WebSocket Hijacking CSWSH of a deployed Bokeh server instance. Scope This vulnerability is only relevant to deployed Bokeh server instances. There is no impact on static HTML output, standalone embedded plots, or Jupyter notebook usage. This vulnerability...
EUVD-2025-38290
In pig-mesh Pig versions 3.8.2 and below, when setting up scheduled tasks in the Quartz management function under the system management module, it is possible to execute any Java class with a parameterless constructor and its methods with parameter type String through reflection. At this time, th...
CVE-2025-63690
In pig-mesh Pig versions 3.8.2 and below, when setting up scheduled tasks in the Quartz management function under the system management module, it is possible to execute any Java class with a parameterless constructor and its methods with parameter type String through reflection. At this time, th...
pig 安全漏洞
pig is a privilege management system for pig-mesh open source. A security vulnerability exists in pig 3.8.2 and earlier versions, which originates in the Quartz management feature that can execute arbitrary Java classes via reflection, potentially leading to remote code execution...
CVE-2025-63691
In pig-mesh In Pig version 3.8.2 and below, within the Token Management function under the System Management module, the token query interface /api/admin/sys-token/page has an improper permission verification issue, which leads to information leakage. This interface can be called by any user who...
PT-2025-45450
Name of the Vulnerable Software and Affected Versions pig-mesh versions 3.8.2 and below Description The software contains a flaw that allows for remote code execution. Specifically, when configuring scheduled tasks within the Quartz management function, located in the system management module, it...
CVE-2025-63691
In pig-mesh Pig 3.8.2 and earlier, the /api/admin/sys-token/page token query endpoint in the Token Management function (System Management) has improper permission checks, enabling information leakage. Any authenticated user can call this endpoint and retrieve plaintext authentication Tokens for a...
WordPress Marquee Addons for Elementor plugin <= 3.8.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Michael in WordPress Plugin Marquee Addons for Elementor versions = 3.8.2...
CVE-2025-9897
The AP Background plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.2. This is due to missing or incorrect nonce validation on the advParallaxBackAdminSaveSlider function. This makes it possible for unauthenticated attackers to create or...
EUVD-2025-32245
Malicious code in bioql PyPI...