6 matches found
GHSA-65H7-C7C4-MGHX MLflow Has a Server-Side Request Forgery (SSRF) Vulnerability
A Server-Side Request Forgery SSRF vulnerability exists in MLflow versions prior to 3.9.0. The createwebhook function in mlflow/server/handlers.py accepts a user-controlled url parameter without validation, and the sendwebhookrequest function in mlflow/webhooks/delivery.py sends HTTP POST request...
PT-2025-53270
Name of the Vulnerable Software and Affected Versions Funnelforms versions prior to 3.9 Description An authorization issue exists in Funnelforms Free that allows exploitation of incorrectly configured access control security levels. Recommendations Update to version 3.9 or later...
PT-2024-24389 · Unknown · Gold Plugins
Name of the Vulnerable Software and Affected Versions: Gold Plugins Before And After versions n/a through 3.9 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web...
CVE-2023-23762
An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. To do so, an attacker would need write access to the repository and be able to correctly guess the target branch before it’s created by the code...
Apple Remote Desktop 加密问题漏洞
Apple Remote Desktop is a remote desktop feature from Apple. A security vulnerability exists in Apple Remote Desktop versions prior to 3.9, which can be exploited by an attacker to capture plaintext passwords...
Mattermost Server Trust Management Issues Vulnerability (CNVD-2020-35447)
Mattermost Server is the United States Mattermost company's set of open source messaging platform. A security vulnerability exists in Mattermost Server versions prior to 3.9.0 that stems from encryption and signature verification not being mandatory. No details of the vulnerability are provided a...