Missing Authentication for Critical Function

Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the FastAPI...

PT-2026-30198

Name of the Vulnerable Software and Affected Versions mlflow/mlflow affected versions not specified Description The FastAPI job endpoints under /ajax-api/3.0/jobs/ in mlflow/mlflow are not protected by authentication or authorization when the basic-auth app is enabled. If job execution is enabled...

GHSA-X8JC-JVQM-PM3F File Browser's Signup Grants Execution Permissions When Default Permissions Includes Execution

Summary The signupHandler in File Browser applies default user permissions via d.settings.Defaults.Applyuser, then strips only Admin commit a63573b. The Execute permission and Commands list from the default user template are not stripped. When an administrator has enabled signup, server-side...

CVE-2022-1117

A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker, a build time regular expression may not correctly detect the runtime linker. The consequence is that the pattern detection for applications launched by the run time linker...