3 matches found
MLflow: Improper Origin Validation in MLflow Assistant /ajax-api Endpoints Enables Browser-Mediated Local Command Execution
In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a victim's local machine. ...
PT-2024-19229 · Cozmoslabs · Profile Builder
Name of the Vulnerable Software and Affected Versions: Cozmoslabs Profile Builder Pro versions 3.10.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an...
APUS Launcher 安全漏洞
APUS Launcher is an application from Kirin Hesheng Technology APUS, a company based in Beijing, China. Automatically sorts your apps by category on the home screen to quickly and easily find the apps you want. A security vulnerability exists in APUS Launcher versions v.3.10.73 and v.3.10.88, whic...