9 matches found
CVE-2026-42615
GCHQ CyberChef before 11.0.0 allows XSS via Show Base64 offsets, as demonstrated by the /recipe=ShowBase64offsets'%3Cscript substring...
PT-2026-35866
Name of the Vulnerable Software and Affected Versions GCHQ CyberChef versions prior to 11.0.0 Description Cross-Site Scripting XSS is possible via the Show Base64 offsets feature. This occurs through the endpoint '/recipe=Show Base64 offsets', where an attacker can inject malicious scripts...
EUVD-2007-0555
Malware in sbrugna...
GHSA-CV6C-7963-WXCG MLFlow unsafe deserialization
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system when run...
CVE-2024-37060
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system when run...
CVE-2022-34618
A stored cross-site scripting XSS vulnerability in Mealie 1.0.0beta3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the recipe description text field...
Design/Logic Flaw
rMake before 1.0.4 drops root privileges in a way that retains the original supplemental groups, which might allow attackers to gain privileges via a crafted recipe file, a different vulnerability than CVE-2007-0536...
CVE-2007-0557
rMake before 1.0.4 drops root privileges in a way that retains the original supplemental groups, which might allow attackers to gain privileges via a crafted recipe file, a different vulnerability than CVE-2007-0536...
CVE-2007-0557
rMake before 1.0.4 drops root privileges in a way that retains the original supplemental groups, which might allow attackers to gain privileges via a crafted recipe file, a different vulnerability than CVE-2007-0536...