Lucene search
K

11 matches found

Nuclei
Nuclei
added 9 hours ago33 views

MLflow Job API - Authentication Bypass

MLflow latest version contains an authentication bypass caused by unprotected FastAPI job endpoints under /ajax-api/3.0/jobs/ when basic-auth is enabled, letting unauthenticated network clients submit and manage jobs, exploit requires job execution enabled and allowlisted job functions. id:...

9.8CVSS7.1AI score0.04392EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/03 6:31 p.m.10 views

mlflow: FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization

In mlflow/mlflow, the FastAPI job endpoints under /ajax-api/3.0/jobs/ are not protected by authentication or authorization when the basic-auth app is enabled. This vulnerability affects the latest version of the repository. If job execution is enabled MLFLOWSERVERENABLEJOBEXECUTION=true and any j...

9.8CVSS7.8AI score0.04392EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/04/03 6:31 p.m.3 views

GHSA-7QHF-V65M-G5F3 mlflow: FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization

In mlflow/mlflow, the FastAPI job endpoints under /ajax-api/3.0/jobs/ are not protected by authentication or authorization when the basic-auth app is enabled. This vulnerability affects the latest version of the repository. If job execution is enabled MLFLOWSERVERENABLEJOBEXECUTION=true and any j...

9.1CVSS7.8AI score0.04392EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.10 views

MLflow 访问控制错误漏洞

MLflow is an open-source platform that simplifies machine learning development. It includes features like tracking experiments, packaging code for reproducible executions, and sharing and deploying models. There is a security vulnerability in MLflow, which stems from the lack of authentication or...

9.8CVSS7.6AI score0.04392EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/13 10:53 p.m.6 views

CVE-2025-15496

A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project...

9.8CVSS7.1AI score0.00348EPSS
Exploits1References1
NVD
NVD
added 2026/01/09 5:15 p.m.6 views

CVE-2025-15496

A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project...

9.8CVSS0.00348EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/01/09 5:2 p.m.25 views

CVE-2025-15496 guchengwuyue yshopmall jobs getPage sql injection

A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project...

6.5CVSS0.00348EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/01/09 5:2 p.m.5 views

CVE-2025-15496 guchengwuyue yshopmall jobs getPage sql injection

A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The project...

6.5CVSS6.8AI score0.00348EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.4 views

PT-2026-1775

Name of the Vulnerable Software and Affected Versions guchengwuyue yshopmall versions up to 1.9.1 Description A flaw exists in the getPage function within the /api/jobs file that allows for SQL injection through manipulation of the sort argument. This issue can be exploited remotely. The exploit ...

6.5CVSS6.6AI score0.00348EPSS
Exploits1References8
CNNVD
CNNVD
added 2026/01/09 12:0 a.m.4 views

yshopmall 安全漏洞

yshopmall is a mall system by guchengwuyue personal developer. A security vulnerability exists in yshopmall 1.9.1 and earlier versions, which stems from the incorrect operation of the parameter sort in file/api/jobs, and may lead to SQL injection attacks...

9.8CVSS7AI score0.00348EPSS
Exploits1References5
vulnersOsv
vulnersOsv
added 2022/05/13 1:33 a.m.6 views

com.mozu:mozu-api-jobs (>=1.0.13 <=1.0.23), gradle.plugin.com.atc.gradle.plugins.xd:spring-xd-deploy-plugin (>=0.0.1 <=0.0.8) +25 more potentially affected by CVE-2018-1229 via org.springframework.batch:spring-batch-admin-manager (>=1.3.0.RELEASE <=1.3.1.RELEASE)

org.springframework.batch:spring-batch-admin-manager MAVEN version =1.3.0.RELEASE, =1.0.13, =0.0.1, =1.3.1.RELEASE, =1.6.0.RELEASE, =1.0.0.RELEASE, =1.0.0.RELEASE, =1.1.0.RELEASE, =1.0.0.RELEASE, =1.0.0.RELEASE, =1.0.0.RELEASE, =1.1.0.RELEASE, =1.7.3.RELEASE -...

6.1CVSS6.3AI score0.00754EPSS
Exploits0
Rows per page
Query Builder