312 matches found
CVE-2025-68472 MindsDB has improper sanitation of filepath that leads to information disclosure and DOS
MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. The PU...
CVE-2025-68472 MindsDB has improper sanitation of filepath that leads to information disclosure and DOS
MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. The PU...
Directory Traversal
Overview MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library Affected versions of this package are vulnerable to Directory Traversal via the PUT handler in the file upload API, which directly joins user-supplied input into a filesystem path without proper...
GHSA-QQHF-PM3J-96G7 MindsDB has improper sanitation of filepath that leads to information disclosure and DOS
Summary BlueRock discovered an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. Details The PUT handler in file.py directly joins user-controlled data into a...
PT-2026-2279
Name of the Vulnerable Software and Affected Versions MindsDB versions prior to 25.11.1 Description MindsDB is a platform for building artificial intelligence from enterprise data. An unauthenticated path traversal exists in the file upload API for versions prior to 25.11.1, allowing any caller t...
MindsDB 安全漏洞
MindsDB is an emerging low-code machine learning platform from MindsDB, Inc. A security vulnerability exists in MindsDB versions prior to 25.11.1, which stems from user-controlled data in the File Upload API being spliced directly to a file system path, potentially leading to a path traversal...
CVE-2023-49795
MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a server-side request forgery vulnerability in file.py. This can lead to limited information disclosure. Users should use MindsDB's staging branch or v23.11.4.1, which contain a fix for the issu...
CVE-2023-49796
MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a limited file write vulnerability in file.py Users should use MindsDB's staging branch or v23.11.4.1, which contain a fix for the issue...
CVE-2022-23522
MindsDB is an open source machine learning platform. An unsafe extraction is being performed using shutil.unpackarchive from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a TarSlip or a ZipSlip...
EUVD-2023-0148
Malicious code in bioql PyPI...
EUVD-2024-2700
Malicious code in bioql PyPI...
EUVD-2024-0111
Malicious code in bioql PyPI...
EUVD-2024-0110
Malicious code in bioql PyPI...
EUVD-2023-0151
Malicious code in bioql PyPI...
EUVD-2023-0149
Malicious code in bioql PyPI...
EUVD-2024-0112
Malicious code in bioql PyPI...
EUVD-2024-0108
Malicious code in bioql PyPI...
EUVD-2023-0147
Malicious code in bioql PyPI...
EUVD-2024-1166
Malicious code in bioql PyPI...
EUVD-2024-2774
Malicious code in bioql PyPI...