EUVD-2026-31210

In mlflow/mlflow versions up to 3.9.0, the SearchModelVersions REST API endpoint and the mlflowSearchModelVersions GraphQL query lack proper per-model authorization checks when basic authentication is enabled. This allows any authenticated user to enumerate all model versions across all registere...

CVE-2026-44563

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the /api/generate, /api/embed, /api/embeddings, and /api/show endpoints accept any model name from the user and forward the request to the Ollama backend without checking whether the...

EUVD-2024-1979

Malicious code in bioql PyPI...

Cross site request forgery (csrf)

Sharp NEC Displays P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8 allows an attacker execute remote code by sending unintended parameters in...

Path Traversal

mlflow is vulnerable to Path Traversal. The vulnerability exists due to filestore.py because it lacks adequate validation for model names with path separators, which allows an attacker to check if an arbitrary file exists on the server. The vulnerability is only applicable if the mlflow server or...

Netgear RBR750和NETGEAR 跨站脚本漏洞

Netgear RBR750 and NETGEAR are both products of Netgear, Inc.RBR750 is a home WiFi system.NETGEAR is a router. A hardware device that connects two or more networks and acts as a gateway between them. A security vulnerability exists in NETGEAR devices that are affected by stored cross-site...