
30 matches found

Snyk
added 2025/06/23 3:40 p.m., 3 views

Server-side Request Forgery (SSRF)

Overview: mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via insufficient validation of th...

CVSS 6.9 | AI score 7.2 | EPSS 0.0037
Exploits: 0 | References: 2
Github Security Blog
added 2025/06/23 3:31 p.m., 7 views

MLFlow SSRF via gateway_proxy_handler

gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation...

CVSS 5.8 | AI score 5.6 | EPSS 0.0037
Exploits: 0 | References: 7 | Affected Software: 1
PyPA
added 2025/06/23 3:15 p.m., 8 views

PYSEC-2025-52

gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation...

CVSS 5.8 | AI score 7 | EPSS 0.0037
Exploits: 0 | References: 4 | Affected Software: 1
NVD
added 2025/06/23 3:15 p.m., 5 views

CVE-2025-52967

gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation...

CVSS 5.8 | EPSS 0.0037
Exploits: 0 | References: 3
Cvelist
added 2025/06/23 12:00 a.m., 7 views

CVE-2025-52967

gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation...

CVSS 5.8 | EPSS 0.0037
Exploits: 0 | References: 3
Github Security Blog
added 2025/04/02 5:25 p.m., 16 views

Stored XSS in Miniflux when opening a broken image due to unescaped ServerError in proxy handler

Impact: Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to valid responses. By...

CVSS 5.4 | AI score 7.6 | EPSS 0.00586
Exploits: 0 | References: 9 | Affected Software: 1
Vulnrichment
added 2023/04/27 2:08 p.m., 13 views

CVE-2023-30847 H2O vulnerable to read from uninitialized pointer in the reverse proxy handler

H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to process a certain type of invalid HTTP request, it tries to build an upstream URL by reading from an uninitialized pointer. This behavior can lead to crashes or leak of information to back end HTTP...

CVSS 8.2 | AI score 8.1 | EPSS 0.00902
Exploits: 0 | References: 3
Veracode
added 2023/03/28 5:04 a.m., 16 views

Cross-Site Scripting (XSS)

miniflux.app is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to a lack of sanitization in the proxy handler in proxy.go, which allows an attacker to inject and execute malicious JavaScript in the browser...

CVSS 5.4 | AI score 5.4 | EPSS 0.00586
Exploits: 0 | References: 7 | Affected Software: 1
OSV
added 2018/06/13 2:29 p.m., 2 views

CVE-2018-12292

A use-after-free vulnerability exists in DOMProxyHandler::EnsureExpandoObject in Pale Moon before 27.9.3...

CVSS 9.8 | AI score 5.8 | EPSS 0.09182
Exploits: 5 | References: 2
Exploit DB
added 2018/02/20 12:00 a.m., 370 views

μTorrent (uTorrent) Classic/Web - JSON-RPC Remote Code Execution / Information Disclosure

By default, uTorrent creates an HTTP RPC server on port 10000 (uTorrent Classic) or 19575 (uTorrent Web). There are numerous problems with these RPC servers that can be exploited by any website using XMLHTTPRequest. To be clear, visiting any website is enough to compromise these applications. uTorrent...

AI score 7
Exploits: 0