CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

16 matches found

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-0494

Malicious code in bioql PyPI...

9.6CVSS8AI score0.00204EPSS

Exploits1References7

RedhatCVE•added 2025/02/05 3:57 a.m.•4 views

CVE-2024-27132

Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables...

9.6CVSS6.1AI score0.00243EPSS

Exploits1References1

RedhatCVE•added 2025/02/05 3:45 a.m.•7 views

CVE-2024-27133

Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields...

9.6CVSS5.9AI score0.00204EPSS

Exploits1References1

OSV•added 2024/03/31 6:21 p.m.•23 views

BIT-MLFLOW-2024-27132 Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe.

9.6CVSS8.2AI score0.00243EPSS

Exploits1References4

Veracode•added 2024/02/26 9:25 a.m.•17 views

Cross Site Scripting (XSS)

mlflow is vulnerable to Cross Site Scripting XSS. The vulnerability is due to a lack of sanitization within the STACKTRACE and SCHEMA template variables, resulting in a client-side RCE when running an untrusted recipe in Jupyter Notebook...

9.6CVSS6.4AI score0.00243EPSS

Exploits1References3Affected Software1

Github Security Blog•added 2024/02/24 12:30 a.m.•27 views

Cross-site Scripting in MLFlow

9.6CVSS8.3AI score0.00243EPSS

Exploits1References5Affected Software1

OSV•added 2024/02/24 12:30 a.m.•16 views

GHSA-6749-M5CP-6CG7 Cross-site Scripting in MLFlow

9.6CVSS8.2AI score0.00243EPSS

Exploits1References5

Github Security Blog•added 2024/02/24 12:30 a.m.•16 views

MLFlow Cross-site Scripting vulnerability leads to client-side Remote Code Execution

9.6CVSS5.9AI score0.00204EPSS

Exploits1References7Affected Software1

PyPA•added 2024/02/23 10:15 p.m.•7 views

PYSEC-2024-241

9.6CVSS6.3AI score0.00204EPSS

Exploits1References4Affected Software1

NVD•added 2024/02/23 10:15 p.m.•12 views

CVE-2024-27133

9.6CVSS7.2AI score0.00204EPSS

Exploits1References2

Prion•added 2024/02/23 10:15 p.m.•10 views

Design/Logic Flaw

5.1CVSS7.1AI score0.00243EPSS

Exploits1References2

Vulnrichment•added 2024/02/23 10:0 p.m.•12 views

CVE-2024-27133 Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset.

7.5CVSS5.9AI score0.00204EPSS

Exploits1References2

Cvelist•added 2024/02/23 10:0 p.m.•14 views

CVE-2024-27133 Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset.

7.5CVSS7.3AI score0.00204EPSS

Exploits1References2

Cvelist•added 2024/02/23 9:58 p.m.•25 views

CVE-2024-27132 Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe.

7.5CVSS7.3AI score0.00243EPSS

Exploits1References2

Vulnrichment•added 2024/02/23 9:58 p.m.•26 views

CVE-2024-27132 Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe.

7.5CVSS6AI score0.00243EPSS

Exploits1References2

Hacker One•added 2020/08/20 12:27 p.m.•14 views

Brave Software: Arbitrary file download via "Save .torrent file" option can lead to Client RCE and XSS

Summary: An attacker can use the "Save .torrent file" option in WebTorrent to smuggle malicious files onto the client's machine. Description Brave allows users to download the ".torrent" via WebTorrent. WebTorrent decides whether a file is torrent or not based on the following headers...

1.2AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by