Lucene search
K

312 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-0107

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.00864EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-1166

Malicious code in bioql PyPI...

5.8CVSS5.8AI score0.00368EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-0113

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.00481EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-0108

Malicious code in bioql PyPI...

8.8CVSS6.3AI score0.00864EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-0112

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.00481EPSS
Exploits1References6
Snyk
Snyk
added 2025/08/01 6:31 a.m.3 views

Template Injection

Overview MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library Affected versions of this package are vulnerable to Template Injection in the prepareprompts function, which allows the ContextualPreprocessor template to be corrupted. Note: Code injection is not...

5.3CVSS7.6AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 10:14 a.m.6 views

CVE-2024-3575

Cross-site Scripting XSS - Stored in mindsdb/mindsdb...

5.8CVSS6AI score0.00368EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 4:8 a.m.11 views

CVE-2023-38699

MindsDB's AI Virtual Database allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests with verify=False disables SSL certificate checks. This rule enforces always verifying SSL certificates for methods in the Requests library. In version...

9.1CVSS6.7AI score0.0024EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:43 a.m.14 views

CVE-2023-30620

mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions an unsafe extraction is being performed using tarfile.extractall from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. Sometimes, the...

7.5CVSS6.5AI score0.01EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:49 a.m.6 views

CVE-2023-50731

MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the put method in mindsdb/mindsdb/api/http/namespaces/file.py does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which...

9.1CVSS7.9AI score0.00992EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:43 a.m.14 views

CVE-2024-45851

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list item creation. If such a...

8.8CVSS7.6AI score0.00864EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:40 a.m.12 views

CVE-2024-45855

Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when using ‘finetune’ on it...

7.5CVSS7.3AI score0.00481EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:35 a.m.6 views

CVE-2024-45853

Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when used for a prediction...

7.5CVSS7.3AI score0.00481EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:34 a.m.31 views

CVE-2024-45850

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for site column creation. If such a...

8.8CVSS7.5AI score0.00864EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:33 a.m.12 views

CVE-2024-45849

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list creation. If such a query i...

8.8CVSS7.6AI score0.00864EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/05 3:32 a.m.6 views

CVE-2024-45854

Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a ‘describe’ query is run on it...

7.5CVSS7.2AI score0.00481EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:29 a.m.12 views

CVE-2024-45856

A cross-site scripting XSS vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI...

9CVSS5.9AI score0.00473EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:29 a.m.18 views

CVE-2024-45847

An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the specified integration...

8.8CVSS7.5AI score0.00851EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:28 a.m.8 views

CVE-2024-45852

Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with...

8.8CVSS7.2AI score0.0068EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/05 2:24 a.m.7 views

CVE-2024-24759

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contai...

9.3CVSS6.8AI score0.04936EPSS
Exploits1References1
Rows per page
Query Builder