CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

23 matches found

CVE•added 2026/03/30 1:16 a.m.•11 views

CVE-2025-15036

CVE-2025-15036 concerns a path-traversal vulnerability in the mlflow/mlflow project, specifically in mlflow/pyfunc/dbconnect_artifact_cache.py within extract_archive_to_dir(). The issue arises from unvalidated tar member paths during extraction, allowing a tar.gz controlled by an attacker to over...

10CVSS7.3AI score0.00037EPSS

Exploits1References2Affected Software1

OSV•added 2026/03/24 8:47 a.m.•1 views

BIT-MLFLOW-2025-15031 Path Traversal Vulnerability in mlflow/mlflow

A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of tarfile.extractall without path validation enables crafted tar.gz files containing .. or absolute paths to escape the intended extractio...

9.1CVSS7.7AI score0.00333EPSS

Exploits1References2

OSV•added 2026/03/19 12:30 a.m.•1 views

GHSA-FHFF-QMM8-H2FP Arbitrary file write via tar traversal in mlflow

8.1CVSS7.7AI score0.00333EPSS

Exploits1References5

Github Security Blog•added 2026/03/19 12:30 a.m.•3 views

Arbitrary file write via tar traversal in mlflow

9.1CVSS6.3AI score0.00333EPSS

Exploits1References5Affected Software1

NVD•added 2026/03/18 11:17 p.m.•1 views

CVE-2025-15031

9.1CVSS0.00333EPSS

Exploits1References1

ATTACKERKB•added 2026/03/18 10:6 p.m.•1 views

CVE-2025-15031

8.1CVSS6.3AI score0.00333EPSS

Exploits1References2

Vulnrichment•added 2026/03/18 10:6 p.m.•1 views

CVE-2025-15031 Path Traversal Vulnerability in mlflow/mlflow

8.1CVSS6.3AI score0.00333EPSS

Exploits1References1

Cvelist•added 2026/03/18 10:6 p.m.•16 views

CVE-2025-15031 Path Traversal Vulnerability in mlflow/mlflow

8.1CVSS0.00333EPSS

Exploits1References1

CNNVD•added 2026/03/18 12:0 a.m.•3 views

MLflow 路径遍历漏洞

MLFlow is an open-source platform that simplifies machine learning development. It includes features for tracking experiments, packaging code for reproducible runs, and sharing and deploying models. MLFlow has a path traversal vulnerability, which stems from improper handling of tar archive entri...

9.1CVSS7.6AI score0.00333EPSS

Exploits1References2

Positive Technologies•added 2026/03/18 12:0 a.m.•0 views

PT-2026-26162

Name of the Vulnerable Software and Affected Versions MLflow affected versions not specified Description A flaw exists in the pyfunc extraction process within MLflow that can allow for arbitrary file writes. This occurs because of inadequate handling of entries within tar archives, specifically...

9.1CVSS7.7AI score0.00333EPSS

Exploits1References11

Veracode•added 2024/06/14 5:12 a.m.•14 views

Deserialization Of Untrusted Data

mlflow is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused by a lack of proper validation of untrusted data in the loadmodel function within the pmdarima/init.py file, allowing an attacker to execute arbitrary code by injecting a malicious pickle object into a PyFunc...

8.8CVSS7.9AI score0.00436EPSS

Exploits1References4Affected Software1

OSV•added 2024/06/08 7:26 a.m.•14 views

BIT-MLFLOW-2024-37054

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with...

8.8CVSS8.7AI score0.00217EPSS

Exploits5References2

Veracode•added 2024/06/07 6:8 a.m.•22 views

Deserialization Of Untrusted Data

mlflow is vulnerable to Deserialization of Untrusted Data. The vulnerability is caused due to inadequate input validation in the loadmodel function within mlflow/pytorch/init.py. This allows an attacker to execute arbitrary code on the victim's system by injecting a malicious pickle object into a...

8.8CVSS8.9AI score0.00436EPSS

Exploits1References4Affected Software1

OSV•added 2024/06/04 12:31 p.m.•0 views

GHSA-GHV6-9R9J-WH4J MLFlow unsafe deserialization

8.8CVSS7.4AI score0.00217EPSS

Exploits5References3

Github Security Blog•added 2024/06/04 12:31 p.m.•24 views

MLFlow unsafe deserialization

8.8CVSS8.8AI score0.00217EPSS

Exploits5References3Affected Software1

OSV•added 2024/06/04 12:15 p.m.•0 views

CVE-2024-37054

8.8CVSS6AI score

Exploits0References1

NVD•added 2024/06/04 12:15 p.m.•14 views

CVE-2024-37054

8.8CVSS8.8AI score0.00217EPSS

Exploits5References1

Vulnrichment•added 2024/06/04 12:0 p.m.•14 views

CVE-2024-37054

8.8CVSS8.8AI score0.00217EPSS

Exploits5References1

Positive Technologies•added 2024/06/04 12:0 a.m.•1 views

PT-2024-27269 · Mlflow · Mlflow

Name of the Vulnerable Software and Affected Versions: MLflow platform versions 0.9.0 and newer Description: The issue allows deserialization of untrusted data, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user's system when interacted with. Recommendations: For...

8.8CVSS7.5AI score0.00217EPSS

Exploits5References7

OSV•added 2024/03/06 11:10 a.m.•11 views

BIT-TENSORFLOW-2022-41908 `CHECK` fail via inputs in `PyFunc` in Tensorflow

TensorFlow is an open source platform for machine learning. An input token that is not a UTF-8 bytestring will trigger a CHECK fail in tf.rawops.PyFunc. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645. The fix will be included in TensorFlow 2.11. We will also...

7.5CVSS6.1AI score0.00313EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by