Lucene search
K

206 matches found

Tenable Nessus
Tenable Nessus
added 2025/01/03 12:0 a.m.7 views

ZenML < 0.55.5 Arbitrary File Upload

The version of ZenML installed on the remote host is prior to 0.55.5. It is, therefore, affected by an arbitrary file upload vulnerability in the load function at /materializers/cloudpicklematerializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file...

8.8CVSS6.1AI score0.00713EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/01/03 12:0 a.m.16 views

ZenML < 0.56.3 Unpatched Session Expiration Exposure (CVE-2024-4680)

The version of ZenML installed on the remote host is prior to 0.56.3. It is, therefore, affected by a vulnerability which allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change,...

8.8CVSS5.7AI score0.00405EPSS
Exploits1References2
Veracode
Veracode
added 2024/12/03 5:43 a.m.6 views

Account Takeover

zenml is vulnerable to Account Takeover. The vulnerability is due to a lack of rate-limiting on the '/api/v1/current-user' endpoint, which allows attackers to brute-force the current password in the 'Update Password' function...

5.4CVSS6.7AI score0.00456EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/11/14 6:30 p.m.20 views

Missing ratelimit on passwrod resets in zenml

zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rate-limiting in the password change function. An attacker can brute-force the current password in the 'Update Password' function, allowing them to take over the user's account. This vulnerability is due to the...

5.4CVSS7.3AI score0.00456EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2024/11/14 6:30 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview zenml is a ZenML: Write production-ready ML code. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the /api/v1/current-user endpoint. An attacker can brute-force the current password in the Update Password function, allowing them...

5.9CVSS7AI score0.00456EPSS
Exploits1References2
NVD
NVD
added 2024/11/14 6:15 p.m.32 views

CVE-2024-4311

zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rate-limiting in the password change function. An attacker can brute-force the current password in the 'Update Password' function, allowing them to take over the user's account. This vulnerability is due to the...

5.4CVSS0.00456EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/11/14 5:35 p.m.11 views

CVE-2024-4311 Lack of login attempt rate-limiting in zenml-io/zenml

zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rate-limiting in the password change function. An attacker can brute-force the current password in the 'Update Password' function, allowing them to take over the user's account. This vulnerability is due to the...

5.4CVSS5.7AI score0.00456EPSS
Exploits1References2
OSV
OSV
added 2024/11/14 5:35 p.m.13 views

CVE-2024-4311 Lack of login attempt rate-limiting in zenml-io/zenml

zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rate-limiting in the password change function. An attacker can brute-force the current password in the 'Update Password' function, allowing them to take over the user's account. This vulnerability is due to the...

5.4CVSS6.2AI score0.00456EPSS
Exploits1References4
CVE
CVE
added 2024/11/14 5:35 p.m.93 views

CVE-2024-4311

ZenML 0.56.4 is affected by CVE-2024-4311 due to no rate-limiting on the password-change flow, enabling brute-forcing of the current password via /api/v1/current-user and potentially taking over the user account. Affected component: password update function. Impact: account takeover with unauthen...

5.4CVSS5.6AI score0.00456EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2024/11/14 12:0 a.m.4 views

ZenML 安全漏洞

ZenML is an extensible open source MLOps framework from ZenML Open Source for creating portable, production-ready machine learning pipelines. A security vulnerability exists in ZenML version 0.56.4, which stems from a lack of rate limiting in the password change function, making it vulnerable to...

5.4CVSS5.5AI score0.00456EPSS
Exploits1References3
The Hacker News
The Hacker News
added 2024/11/11 10:11 a.m.13 views

Security Flaws in Popular ML Toolkits Enable Server Hijacks, Privilege Escalation

Cybersecurity researchers have uncovered nearly two dozen security flaws spanning 15 different machine learning ML related open-source projects. These comprise vulnerabilities discovered both on the server- and client-side, software supply chain security firm JFrog said in an analysis published...

8.8CVSS10AI score0.14956EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2024/08/21 12:0 a.m.6 views

ZenML Detection

Binary data pythonzenmldetect.nbin...

7.3AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/07/18 12:0 a.m.8 views

ZenML Detection

Binary data 701476.prm...

7.3AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/07/05 12:0 a.m.5 views

The vulnerability of the final point of the application programming interface /api/v1/users/{user_name_or_id}/activate, which is part of the Zenml machine learning pipeline creation framework, allows a violator to elevate their privileges.

The vulnerability of the final point of the application software interface/api/v1/users/usernameorid/activate function in the Zenml machine learning pipeline creation framework is related to deficiencies in the access control mechanism. Exploiting this vulnerability could allow an attacker to...

6.5CVSS7.5AI score0.70581EPSS
Exploits1References7Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/07/03 12:0 a.m.7 views

ZenML Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible ZenML instance on the target application. ZenML is an open-source framework dedicated to MLOps abstracting the underlying infrastructure. This detection is included in the AI and LLM category. N...

7.2AI score
Exploits0References2
Veracode
Veracode
added 2024/07/01 10:13 a.m.17 views

Cross Site Scripting(XSS)

zenml is vulnerable to Cross-Site Scripting XSS . The vulnerability is due to improper input neutralization during web page generation within the survey redirect parameter, which allows an attacker to execute arbitrary JavaScript code in the context of the user's browser session...

6.1CVSS6AI score0.00388EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/06/30 6:30 p.m.63 views

GHSA-3434-HC3M-8MMM Reflected Cross-Site Scripting (XSS) in zenml

A reflected Cross-Site Scripting XSS vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a...

6.1CVSS5.4AI score0.00388EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2024/06/30 6:30 p.m.20 views

Reflected Cross-Site Scripting (XSS) in zenml

A reflected Cross-Site Scripting XSS vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a...

6.1CVSS5.7AI score0.00388EPSS
Exploits1References5Affected Software1
PyPA
PyPA
added 2024/06/30 4:15 p.m.10 views

PYSEC-2024-176

A reflected Cross-Site Scripting XSS vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a...

6.1CVSS6AI score0.00388EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2024/06/30 4:15 p.m.40 views

CVE-2024-5062

A reflected Cross-Site Scripting XSS vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a...

6.1CVSS0.00388EPSS
Exploits1References2
Rows per page
Query Builder