Lucene search
+L

312 matches found

Vulnrichment
Vulnrichment
added 2026/01/12 4:53 p.m.4 views

CVE-2025-68472 MindsDB has improper sanitation of filepath that leads to information disclosure and DOS

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. The PU...

8.1CVSS6.6AI score0.19213EPSS
Exploits2References1
OSV
OSV
added 2026/01/12 4:53 p.m.7 views

CVE-2025-68472 MindsDB has improper sanitation of filepath that leads to information disclosure and DOS

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. The PU...

8.1CVSS6.9AI score0.19213EPSS
Exploits2References4
Snyk
Snyk
added 2026/01/12 4:10 p.m.4 views

Directory Traversal

Overview MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library Affected versions of this package are vulnerable to Directory Traversal via the PUT handler in the file upload API, which directly joins user-supplied input into a filesystem path without proper...

9.8CVSS7.7AI score0.19213EPSS
Exploits2References4
OSV
OSV
added 2026/01/12 4:10 p.m.3 views

GHSA-QQHF-PM3J-96G7 MindsDB has improper sanitation of filepath that leads to information disclosure and DOS

Summary BlueRock discovered an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. Details The PUT handler in file.py directly joins user-controlled data into a...

8.1CVSS5.9AI score0.19213EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2026/01/12 12:0 a.m.7 views

PT-2026-2279

Name of the Vulnerable Software and Affected Versions MindsDB versions prior to 25.11.1 Description MindsDB is a platform for building artificial intelligence from enterprise data. An unauthenticated path traversal exists in the file upload API for versions prior to 25.11.1, allowing any caller t...

9.1CVSS6.6AI score0.19213EPSS
Exploits2References14
CNNVD
CNNVD
added 2026/01/12 12:0 a.m.8 views

MindsDB 安全漏洞

MindsDB is an emerging low-code machine learning platform from MindsDB, Inc. A security vulnerability exists in MindsDB versions prior to 25.11.1, which stems from user-controlled data in the File Upload API being spliced directly to a file system path, potentially leading to a path traversal...

9.1CVSS6.5AI score0.19213EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:28 a.m.8 views

CVE-2023-49795

MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a server-side request forgery vulnerability in file.py. This can lead to limited information disclosure. Users should use MindsDB's staging branch or v23.11.4.1, which contain a fix for the issu...

6.5CVSS6.4AI score0.00422EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:28 a.m.5 views

CVE-2023-49796

MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a limited file write vulnerability in file.py Users should use MindsDB's staging branch or v23.11.4.1, which contain a fix for the issue...

5.3CVSS6.8AI score0.00492EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:44 a.m.11 views

CVE-2022-23522

MindsDB is an open source machine learning platform. An unsafe extraction is being performed using shutil.unpackarchive from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a TarSlip or a ZipSlip...

8.8CVSS6.5AI score0.00883EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-0148

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-2700

Malicious code in bioql PyPI...

9CVSS6.4AI score0.00473EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-0111

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.00481EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-0110

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.0068EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-0151

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00492EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-0149

Malicious code in bioql PyPI...

6.5CVSS6AI score0.00422EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-0112

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.00481EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2024-0108

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.00864EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-0147

Malicious code in bioql PyPI...

8.8CVSS8.5AI score0.00883EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-1166

Malicious code in bioql PyPI...

5.8CVSS5.8AI score0.00368EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.12 views

EUVD-2024-2774

Malicious code in bioql PyPI...

8.8CVSS6.4AI score0.00851EPSS
Exploits1References5
Rows per page
Query Builder