Lucene search
+L

6 matches found

vulnersOsv
vulnersOsv
added 2026/05/18 11:48 p.m.8 views

azure-ai-generative (>=1.0.0b1 <=1.0.0b3), azure-ai-resources (>=1.0.0b1 <=1.0.0b9) +30 more potentially affected by CVE-2025-10279 +1 more via mlflow-skinny (>=3.0.0 <=3.11.0rc0)

mlflow-skinny PYPI version =3.0.0, =1.0.0b1, =1.0.0b1, =0.1.0, =0.1.0, =2.5.0, =0.0.13, =7.1.1, =0.2.0, =0.2.1 and more Source cves: CVE-2025-10279, CVE-2026-4137 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-16756597...

7.8CVSS7.1AI score0.00215EPSS
Exploits2
EUVD
EUVD
added 2026/05/18 8:26 p.m.13 views

EUVD-2026-30807

In mlflow/mlflow versions prior to 3.11.0, the getorcreatenfstmpdir function in mlflow/utils/fileutils.py creates temporary directories with world-writable permissions 0o777, and the createmodeldownloadingtmpdir function in mlflow/pyfunc/init.py creates directories with group-writable permissions...

7CVSS7.6AI score0.00215EPSS
Exploits2References2
vulnersOsv
vulnersOsv
added 2026/02/02 12:31 p.m.5 views

a2 (>=0.1.0 <=0.3.17), abadpour (>=6.13.1 <=7.24.1) +946 more potentially affected by CVE-2025-10279 via mlflow (>=0.8.2 <=3.4.0)

mlflow PYPI version =0.8.2, =0.1.0, =6.13.1, =9.273.1, =1.1.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.0.5, =1.0.0, =0.1.0, =1.1.1 - ai-helpers-pytorch-utils =0.1.0a1 - ailine-core =0.5.5 and more Source cves: CVE-2025-10279 Source advisory: OSV:GHSA-4X5P-F36R-MXXR...

7CVSS7AI score0.00215EPSS
Exploits1
Cvelist
Cvelist
added 2026/02/02 10:36 a.m.34 views

CVE-2025-10279 Privilege Escalation in mlflow/mlflow

In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions 0o777. This vulnerability allows an attacker with write access to the /tmp directory to exploit a race condition and overwrite .py files in the virtual...

7CVSS0.00215EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2025/09/03 9:0 p.m.5 views

abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +753 more potentially affected by CVE-2025-10279 via mlflow-skinny (>=3.0.0 <=3.4.0)

mlflow-skinny PYPI version =3.0.0, =6.13.1, =9.273.1, =2.0.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =0.1.0, =1.0.0, =1.0.1 and more Source cves: CVE-2025-10279 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-16755466...

7CVSS7AI score0.00215EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2025/09/03 9:0 p.m.10 views

abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +693 more potentially affected by CVE-2025-10279 via mlflow (>=3.0.0rc2 <=3.4.0)

mlflow PYPI version =3.0.0rc2, =6.13.1, =9.273.1, =2.0.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =0.1.0, =1.0.0, =1.0.1 and more Source cves: CVE-2025-10279 Source advisory: SNYK:PYTHON-MLFLOW-15170849...

7CVSS7AI score0.00215EPSS
Exploits1
Rows per page
Query Builder