Lucene search
K

7 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-32806

Malicious code in bioql PyPI...

7.1CVSS7AI score0.0047EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 12:10 p.m.7 views

CVE-2024-10624

A Regular Expression Denial of Service ReDoS vulnerability exists in the gradio-app/gradio repository, affecting the gr.Datetime component. The affected version is git commit 98cbcae. The vulnerability arises from the use of a regular expression ^?:\snow\s?:-\s\d+\sdmhs??\s$ to process user input...

7.5CVSS6.7AI score0.01015EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:19 a.m.8 views

CVE-2024-4254

The 'deploy-website.yml' workflow in the gradio-app/gradio repository, specifically in the 'main' branch, is vulnerable to secrets exfiltration due to improper authorization. The vulnerability arises from the workflow's explicit checkout and execution of code from a fork, which is unsafe as it...

7.1CVSS6.9AI score0.0047EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/05 12:7 a.m.8 views

CVE-2024-4253

A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.yml' workflow. The vulnerability arises due to improper neutralization of special elements used in a command, allowing for unauthorized modification of the base repository or...

7.5CVSS7.7AI score0.0169EPSS
Exploits1
NVD
NVD
added 2024/04/16 12:15 a.m.25 views

CVE-2024-1183

An SSRF Server-Side Request Forgery vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the...

6.5CVSS6.4AI score0.01784EPSS
Exploits1References2
OSV
OSV
added 2024/04/16 12:0 a.m.5 views

CVE-2024-1183 SSRF Vulnerability in gradio-app/gradio

An SSRF Server-Side Request Forgery vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the...

6.5CVSS6.6AI score0.01784EPSS
Exploits1References4
NVD
NVD
added 2024/03/29 5:15 a.m.21 views

CVE-2024-1729

A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The vulnerability arises from the use of a direct comparison operation app.authusername == password to validate user credentials, which can be exploited to guess password...

5.9CVSS5.8AI score0.00497EPSS
Exploits1References2
Rows per page
Query Builder