CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

203 matches found

Gradio - Server-Side Request Forgery

A Server-Side Request Forgery SSRF vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the saveurltocache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP...

8.6CVSS7.2AI score0.37366EPSS

Exploits1References2

ATTACKERKB•added 2026/06/03 11:30 p.m.•6 views

CVE-2026-10783

A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function saveaudiotocache of the component Audio Cache Key Handler. Performing a manipulation results in use of weak hash. The attack must be initiated from a local position. The attack is considered to have high...

2.5CVSS5.2AI score0.00106EPSS

Exploits1References7Affected Software1

vulnersOsv•added 2026/05/27 5:34 p.m.•7 views

doc-redaction (>=2.2.0 <=2.3.0), f5-tts (=1.1.20) +8 more potentially affected by CVE-2026-48545 via gradio (>=6.0.0 <=6.11.0)

gradio PYPI version =6.0.0, =2.2.0, =2.1.1, =0.0.1, =1.14.0, =2.9.0 Source cves: CVE-2026-48545 Source advisory: SNYK:PYTHON-GRADIO-16960000...

7.6CVSS5.5AI score0.00355EPSS

Exploits0

Snyk•added 2026/05/27 5:34 p.m.•11 views

Session Fixation

Overview gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Session Fixation via /proxy reverse proxy requests. A malicious HF Space can hijack user sessions and gain unauthorized access to other users'...

8CVSS5.8AI score0.00355EPSS

Exploits0References2

NVD•added 2026/05/27 3:16 p.m.•18 views

CVE-2026-48545

Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-level HTTP client used across all users in the reverse proxy endpoint. Attackers controlling any HF Space can return a...

7.6CVSS0.00355EPSS

Exploits0References5

CVE•added 2026/05/27 2:59 p.m.•16 views

CVE-2026-48545

CVE-2026-48545 : Gradio before 6.15.0 is affected by a cookie injection vulnerability due to a shared module‑level HTTP client used by the reverse proxy endpoint. Attackers controlling any HF Space can return a parent‑domain cookie that the shared client stores and automatically replays into subs...

7.6CVSS5.9AI score0.00355EPSS

Exploits0References5Affected Software1

vulnersOsv•added 2026/03/01 1:29 a.m.•7 views

3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +1117 more potentially affected by CVE-2026-28415 via gradio (>=1.7.7 <=6.4.0)

gradio PYPI version =1.7.7, =0.2.2, =0.1.0, =0.2.5, =0.3.0, =0.0.3, =0.1.5, =0.8.2.4, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =2.0.0, =3.3.9 and more Source cves: CVE-2026-28415 Source advisory: OSV:GHSA-PFJF-5GXR-995X...

4.7CVSS5.4AI score0.00232EPSS

Exploits0

vulnersOsv•added 2026/03/01 1:28 a.m.•5 views

3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +1117 more potentially affected by CVE-2026-28414 via gradio (>=1.7.7 <=6.4.0)

gradio PYPI version =1.7.7, =0.2.2, =0.1.0, =0.2.5, =0.3.0, =0.0.3, =0.1.5, =0.8.2.4, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =2.0.0, =3.3.9 and more Source cves: CVE-2026-28414 Source advisory: OSV:GHSA-39MP-8HJ3-5C49...

7.5CVSS7.7AI score0.03095EPSS

Exploits1

vulnersOsv•added 2026/03/01 1:0 a.m.•6 views

3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +1035 more potentially affected by CVE-2026-27167 via gradio (>=4.16.0 <=6.4.0)

gradio PYPI version =4.16.0, =0.2.2, =0.1.0, =0.2.5, =0.0.3, =0.1.5, =0.8.2.4, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =2.0.0, =0.1.4, =0.1.11 and more Source cves: CVE-2026-27167 Source advisory: OSV:GHSA-H3H8-3V2V-RG7M...

5.9CVSS5.4AI score0.00453EPSS

Exploits1

vulnersOsv•added 2026/02/28 12:14 a.m.•4 views

3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +692 more potentially affected by CVE-2026-28415 via gradio (>=6.0.0 <=6.4.0)

gradio PYPI version =6.0.0, =0.2.2, =0.1.0, =0.2.5, =0.0.3, =0.1.5, =0.1.0, =0.1.0, =0.1.0, =3.3.0, =0.1.4, =0.1.3, =0.1.0, =0.2.0 and more Source cves: CVE-2026-28415 Source advisory: SNYK:PYTHON-GRADIO-15366398...

4.7CVSS5.4AI score0.00232EPSS

Exploits0

vulnersOsv•added 2026/02/28 12:14 a.m.•6 views

3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +692 more potentially affected by CVE-2026-28416 via gradio (>=6.0.0 <=6.4.0)

gradio PYPI version =6.0.0, =0.2.2, =0.1.0, =0.2.5, =0.0.3, =0.1.5, =0.1.0, =0.1.0, =0.1.0, =3.3.0, =0.1.4, =0.1.3, =0.1.0, =0.2.0 and more Source cves: CVE-2026-28416 Source advisory: SNYK:PYTHON-GRADIO-15366414...

8.6CVSS5.4AI score0.00316EPSS

Exploits0

vulnersOsv•added 2026/02/28 12:14 a.m.•5 views

3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +692 more potentially affected by CVE-2026-28414 via gradio (>=6.0.0 <=6.4.0)

gradio PYPI version =6.0.0, =0.2.2, =0.1.0, =0.2.5, =0.0.3, =0.1.5, =0.1.0, =0.1.0, =0.1.0, =3.3.0, =0.1.4, =0.1.3, =0.1.0, =0.2.0 and more Source cves: CVE-2026-28414 Source advisory: SNYK:PYTHON-GRADIO-15366417...

7.5CVSS7.7AI score0.03095EPSS

Exploits1

vulnersOsv•added 2026/02/28 12:14 a.m.•3 views

3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +692 more potentially affected by CVE-2026-27167 via gradio (>=6.0.0 <=6.4.0)

gradio PYPI version =6.0.0, =0.2.2, =0.1.0, =0.2.5, =0.0.3, =0.1.5, =0.1.0, =0.1.0, =0.1.0, =3.3.0, =0.1.4, =0.1.3, =0.1.0, =0.2.0 and more Source cves: CVE-2026-27167 Source advisory: SNYK:PYTHON-GRADIO-15366402...

5.9CVSS5.4AI score0.00453EPSS

Exploits1

Snyk•added 2026/02/28 12:14 a.m.•5 views

Use of Hard-coded Credentials

Overview gradio is a Python library for easily interacting with trained machine learning models Affected versions of this package are vulnerable to Use of Hard-coded Credentials via the login/huggingface route, which retrieves the server's Hugging Face access token using the huggingfacehub.gettok...

8.2CVSS5.9AI score0.00453EPSS

Exploits1References2

vulnersOsv•added 2026/02/27 10:16 p.m.•6 views

3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +1117 more potentially affected by CVE-2026-28415 via gradio (>=1.7.7 <=6.4.0)

4.7CVSS5.4AI score0.00232EPSS

Exploits0

vulnersOsv•added 2026/02/27 10:16 p.m.•7 views

3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +1117 more potentially affected by CVE-2026-28414 via gradio (>=1.7.7 <=6.4.0)

7.5CVSS7.7AI score0.03095EPSS

Exploits1

vulnersOsv•added 2026/02/27 10:16 p.m.•7 views

3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +1117 more potentially affected by CVE-2026-28416 via gradio (>=1.7.7 <=6.4.0)

gradio PYPI version =1.7.7, =0.2.2, =0.1.0, =0.2.5, =0.3.0, =0.0.3, =0.1.5, =0.8.2.4, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =2.0.0, =3.3.9 and more Source cves: CVE-2026-28416 Source advisory: OSV:PYSEC-2026-66...

8.6CVSS5.4AI score0.00316EPSS

Exploits0

OSV•added 2026/02/27 10:16 p.m.•8 views

PYSEC-2026-64

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.7, Gradio apps running on Window with Python 3.13+ are vulnerable to an absolute path traversal issue that enables unauthenticated attackers to read arbitrary files from the file system. Python 3.13+ change...

7.5CVSS5.9AI score0.03095EPSS

Exploits1References1

vulnersOsv•added 2026/02/27 10:16 p.m.•9 views

3d-rcnet (>=0.2.2 <=0.2.3), aa-prepflow (>=0.1.0 <=0.1.1) +1035 more potentially affected by CVE-2026-27167 via gradio (>=4.16.0 <=6.4.0)

5.9CVSS5.4AI score0.00453EPSS

Exploits1

EUVD•added 2026/02/27 9:47 p.m.•6 views

EUVD-2026-9084

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, a Server-Side Request Forgery SSRF vulnerability in Gradio allows an attacker to make arbitrary HTTP requests from a victim's server by hosting a malicious Gradio Space. When a victim application uses...

8.2CVSS6AI score0.00316EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by