CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

147 matches found

Github Security Blog•added 2026/03/27 6:31 p.m.•5 views

MLFlow allows Tracing + Assessments Access

In the latest version of mlflow/mlflow, when the basic-auth app is enabled, tracing and assessment endpoints are not protected by permission validators. This allows any authenticated user, including those with NOPERMISSIONS on the experiment, to read trace information and create assessments for...

8.1CVSS7.1AI score0.00318EPSS

Exploits1References4Affected Software1

ATTACKERKB•added 2026/03/27 4:17 p.m.•2 views

CVE-2025-15381

8.1CVSS7.1AI score0.00318EPSS

Exploits1References2

Positive Technologies•added 2026/03/27 12:0 a.m.•5 views

PT-2026-28274

In the latest version of mlflow/mlflow, when the basic-auth app is enabled, tracing and assessment endpoints are not protected by permission validators. This allows any authenticated user, including those with NO PERMISSIONS on the experiment, to read trace information and create assessments for...

8.1CVSS5.9AI score0.00318EPSS

Exploits1References3

RedhatCVE•added 2026/01/09 11:18 a.m.•2 views

CVE-2021-0987

In getNeighboringCellInfo of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User...

3.3CVSS5.4AI score0.0011EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:15 a.m.•2 views

CVE-2021-0391

In onCreate of ChooseTypeAndAccountActivity.java, there is a possible way to learn the existence of an account, without permissions, due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for...

7.8CVSS6.7AI score0.00657EPSS

Exploits0References1