Lucene search
K

110 matches found

Chainguard
Chainguard
added 2026/06/26 8:22 p.m.14 views

GHSA-Q4H4-GMJ2-QVW2 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-redshiftserverless-fips, crossplane-provider-aws-cloudformation-fips, src, crossplane-provider-azure-search, crossplane-provider-aws-backup-fips, cloud-provider-aws, crossplane-provider-aws-emr, vault-fips, jfrog-cli, gitlab-kas,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.7 views

GHSA-RM3J-F69W-WQMQ vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-redshiftserverless-fips, crossplane-provider-aws-cloudformation-fips, src, crossplane-provider-azure-search, crossplane-provider-aws-backup-fips, cloud-provider-aws, crossplane-provider-aws-emr, vault-fips, jfrog-cli, gitlab-kas,...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/23 8:16 a.m.9 views

CVE-2026-41178 vulnerabilities

Vulnerabilities for packages: flyte, kubernetes-csi-external-resizer-fips, crossplane-provider-azure-search, backup-restore-operator-fips, boring-registry, cloud-provider-aws, ingress-nginx-controller-fips, consul-k8s, vault-fips, gitaly, gitlab-kas, neuvector-fips, amazon-eks-ami-fips,...

5.3CVSS6.1AI score0.00237EPSS
Exploits0
Chainguard
Chainguard
added 2026/06/23 8:16 a.m.10 views

GHSA-5WRP-CWCJ-Q835 vulnerabilities

Vulnerabilities for packages: flyte, kubernetes-csi-external-resizer-fips, crossplane-provider-azure-search, backup-restore-operator-fips, boring-registry, cloud-provider-aws, ingress-nginx-controller-fips, consul-k8s, vault-fips, gitaly, gitlab-kas, neuvector-fips, amazon-eks-ami-fips,...

6.1AI score
Exploits0
OSV
OSV
added 2026/06/15 5:38 p.m.19 views

MAL-2026-5809 Malicious code in databricks-tools-core (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9ecf172545ef84f1fcbeeae028a55d2bb570d68a3356a26526269e267f184a10 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/15 5:38 p.m.12 views

Malicious code in databricks-tools-core (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9ecf172545ef84f1fcbeeae028a55d2bb570d68a3356a26526269e267f184a10 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.6AI score
Exploits0References1
Chainguard
Chainguard
added 2026/06/04 1:20 p.m.9 views

GHSA-W2Q5-6Q6X-X959 vulnerabilities

Vulnerabilities for packages: flyte, backup-restore-operator-fips, volcano, boring-registry, ingress-nginx-controller-fips, consul-k8s, vault-fips, gitaly, ipfs-cluster, crossplane-aws-provider-fips, helm-fips, terraform-provider-time, gitlab-rails-ce-fips, helm-exporter-fips, docker-cli-buildx,...

6.1AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/03 10:23 a.m.8 views

azure-ai-generative (>=1.0.0b1 <=1.0.0b3), azure-ai-resources (>=1.0.0b1 <=1.0.0b9) +30 more potentially affected by CVE-2026-4035 via mlflow-skinny (>=3.0.0 <=3.11.0rc0)

mlflow-skinny PYPI version =3.0.0, =1.0.0b1, =1.0.0b1, =0.1.0, =0.1.0, =2.5.0, =0.0.13, =7.1.1, =0.2.0, =0.2.1 and more Source cves: CVE-2026-4035 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-17135850...

9.1CVSS7.7AI score0.00435EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/06/03 10:23 a.m.7 views

databricks-agents (>=0.1.0 <=1.0.0rc1), datamint (>=2.5.0 <=2.5.2) +18 more potentially affected by CVE-2026-4035 via mlflow (>=3.0.0rc2 <=3.10.1)

mlflow PYPI version =3.0.0rc2, =0.1.0, =2.5.0, =7.1.1, =0.2.0, =3.10.1, =1.0.1, =1.0.1, =3.0.15, =0.2.0.dev0, =0.6.7, =0.1.19, =0.1.0, =0.1.8 and more Source cves: CVE-2026-4035 Source advisory: SNYK:PYTHON-MLFLOW-17135851...

9.1CVSS7.7AI score0.00435EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/25 7:33 a.m.8 views

azure-ai-generative (>=1.0.0b1 <=1.0.0b3), azure-ai-resources (>=1.0.0b1 <=1.0.0b9) +15 more potentially affected by CVE-2026-2651 via mlflow-skinny (>=3.0.0 <=3.0.1)

mlflow-skinny PYPI version =3.0.0, =1.0.0b1, =1.0.0b1, =0.1.0, =0.1.0, =2.5.0, =0.0.13, =3.0.0, =0.1.0, =0.1.4 and more Source cves: CVE-2026-2651 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-16874026...

9CVSS7.7AI score0.00345EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/25 7:33 a.m.6 views

databricks-agents (>=0.1.0 <=1.0.0rc1), datamint (>=2.5.0 <=2.5.2) +3 more potentially affected by CVE-2026-2651 via mlflow (>=3.0.0rc2 <=3.0.1)

mlflow PYPI version =3.0.0rc2, =0.1.0, =2.5.0, =0.2.0.dev0, =0.6.7, =0.8.1 Source cves: CVE-2026-2651 Source advisory: SNYK:PYTHON-MLFLOW-16874027...

9CVSS7.7AI score0.00345EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/18 11:48 p.m.7 views

databricks-agents (>=0.1.0 <=1.0.0rc1), datamint (>=2.5.0 <=2.5.2) +18 more potentially affected by CVE-2025-10279 +1 more via mlflow (>=3.0.0rc2 <=3.10.1)

mlflow PYPI version =3.0.0rc2, =0.1.0, =2.5.0, =7.1.1, =0.2.0, =3.10.1, =1.0.1, =1.0.1, =3.0.15, =0.2.0.dev0, =0.6.7, =0.1.19, =0.1.0, =0.1.8 and more Source cves: CVE-2025-10279, CVE-2026-4137 Source advisory: SNYK:PYTHON-MLFLOW-16756601...

7.8CVSS7.1AI score0.00215EPSS
Exploits2
OSV
OSV
added 2026/05/18 9:31 p.m.30 views

GHSA-F2M9-WCF4-CWWX MLFlow Creates a Temporary File With Insecure Permissions

In mlflow/mlflow versions prior to 3.11.0, the getorcreatenfstmpdir function in mlflow/utils/fileutils.py creates temporary directories with world-writable permissions 0o777, and the createmodeldownloadingtmpdir function in mlflow/pyfunc/init.py creates directories with group-writable permissions...

7CVSS6.3AI score0.00193EPSS
Exploits1References5
CVE
CVE
added 2026/05/18 8:26 p.m.27 views

CVE-2026-4137

CVE-2026-4137 : In mlflow/mlflow before 3.11.0, two temp-dir creation paths expose world/group-writable permissions: get_or_create_nfs_tmp_dir() creates 0o777 and _create_model_downloading_tmp_dir() creates 0o770. This enables local attackers with access to shared NFS mounts (e.g., Databricks) to...

7.8CVSS7.6AI score0.00193EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/05/18 8:26 p.m.2 views

CVE-2026-4137 Incomplete Fix for CVE-2025-10279: Insecure Temporary Directory Permissions in mlflow/mlflow

In mlflow/mlflow versions prior to 3.11.0, the getorcreatenfstmpdir function in mlflow/utils/fileutils.py creates temporary directories with world-writable permissions 0o777, and the createmodeldownloadingtmpdir function in mlflow/pyfunc/init.py creates directories with group-writable permissions...

7CVSS7.6AI score0.00193EPSS
Exploits1References4
EUVD
EUVD
added 2026/05/18 8:26 p.m.13 views

EUVD-2026-30807

In mlflow/mlflow versions prior to 3.11.0, the getorcreatenfstmpdir function in mlflow/utils/fileutils.py creates temporary directories with world-writable permissions 0o777, and the createmodeldownloadingtmpdir function in mlflow/pyfunc/init.py creates directories with group-writable permissions...

7CVSS7.6AI score0.00215EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.16 views

PT-2026-41733

Name of the Vulnerable Software and Affected Versions mlflow versions prior to 3.11.0 Description The get or create nfs tmp dir function in mlflow/utils/file utils.py creates temporary directories with world-writable permissions 0o777, and the create model downloading tmp dir function in...

7.8CVSS7.6AI score0.00193EPSS
Exploits1References11
vulnersOsv
vulnersOsv
added 2026/05/15 6:17 a.m.11 views

azure-ai-generative (>=1.0.0b1 <=1.0.0b3), azure-ai-resources (>=1.0.0b1 <=1.0.0b9) +15 more potentially affected by CVE-2026-2652 via mlflow-skinny (>=3.0.0 <=3.0.1)

mlflow-skinny PYPI version =3.0.0, =1.0.0b1, =1.0.0b1, =0.1.0, =0.1.0, =2.5.0, =0.0.13, =3.0.0, =0.1.0, =0.1.4 and more Source cves: CVE-2026-2652 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-16698136...

8.6CVSS7.5AI score0.01502EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/15 6:17 a.m.7 views

databricks-agents (>=0.1.0 <=1.0.0rc1), datamint (>=2.5.0 <=2.5.2) +3 more potentially affected by CVE-2026-2652 via mlflow (>=3.0.0rc2 <=3.0.1)

mlflow PYPI version =3.0.0rc2, =0.1.0, =2.5.0, =0.2.0.dev0, =0.6.7, =0.8.1 Source cves: CVE-2026-2652 Source advisory: SNYK:PYTHON-MLFLOW-16698137...

8.6CVSS7.2AI score0.01502EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/12 3:23 p.m.10 views

databricks-agents (>=0.1.0 <=1.0.0rc1), datamint (>=2.5.0 <=2.5.2) +3 more potentially affected by CVE-2026-2614 via mlflow (>=3.0.0rc2 <=3.0.1)

mlflow PYPI version =3.0.0rc2, =0.1.0, =2.5.0, =0.2.0.dev0, =0.6.7, =0.8.1 Source cves: CVE-2026-2614 Source advisory: SNYK:PYTHON-MLFLOW-16643490...

7.5CVSS7AI score0.00712EPSS
Exploits1
Rows per page
Query Builder