
967 matches found

CVE
added 2024/09/12 12:49 p.m. · 56 views

CVE-2024-27320

The CVE-2024-27320 entry concerns the Refuel Autolabel library. The connected PT-2024-21820 and related sources confirm an arbitrary code execution flaw in versions 0.0.8 and newer, caused by handling of CSV files in classification tasks where Python code can be injected and executed via eval. Im...

7.8 CVSS · 7.9 AI score · 0.0009 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Vulnrichment
added 2024/09/12 12:49 p.m. · 14 views

CVE-2024-27320

An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user creates a classification task using a maliciously crafted CSV file containing Python code, the code...

7.8 CVSS · 7.6 AI score · 0.0009 EPSS
Exploits: 0 · References: 1
Cvelist
added 2024/09/12 12:49 p.m. · 11 views

CVE-2024-27320

An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user creates a classification task using a maliciously crafted CSV file containing Python code, the code...

7.8 CVSS · 0.0009 EPSS
Exploits: 0 · References: 1
CNNVD
added 2024/09/12 12:00 a.m. · 2 views

MindsDB Security Vulnerability

MindsDB is an emerging low-code machine learning platform from MindsDB, Inc. A security vulnerability exists in MindsDB versions 23.10.5.0 through 24.7.4.1, which stems from the presence of an arbitrary code execution vulnerability, where if a specially crafted INSERT query containing Python code...

8.8 CVSS · 7.3 AI score · 0.00555 EPSS
Exploits: 1 · References: 2
CNNVD
added 2024/09/12 12:00 a.m. · 2 views

MindsDB Security Vulnerability

MindsDB is an emerging low-code machine learning platform from MindsDB, Inc. A security vulnerability exists in MindsDB versions 23.10.3.0 through 24.7.4.1, which stems from the presence of an arbitrary code execution vulnerability that, if a specially crafted SELECT WHERE clause containing Pytho...

8.8 CVSS · 7.4 AI score · 0.00438 EPSS
Exploits: 1 · References: 2
CNNVD
added 2024/09/12 12:00 a.m. · 1 views

Autolabel Security Vulnerability

Autolabel is a Python library open-sourced by refuel-ai. It is used to label, clean, and enrich textual datasets using any Large Language Model (LLM). A security vulnerability exists in Autolabel 0.0.8 and earlier versions, which stems from the presence of an arbitrary code execution vulnerability,...

7.8 CVSS · 7.4 AI score · 0.0009 EPSS
Exploits: 0 · References: 2
CNNVD
added 2024/09/12 12:00 a.m. · 1 views

Autolabel Security Vulnerability

Autolabel is a Python library open-sourced by refuel-ai. It is used to label, clean, and enrich textual datasets using any Large Language Model (LLM). A security vulnerability exists in Autolabel 0.0.8 and earlier versions, which stems from the presence of an arbitrary code execution vulnerability...

7.8 CVSS · 7.5 AI score · 0.0009 EPSS
Exploits: 0 · References: 2
CNNVD
added 2024/09/12 12:00 a.m. · 1 views

MindsDB Security Vulnerability

MindsDB is an emerging low-code machine learning platform from MindsDB, Inc. A security vulnerability exists in MindsDB versions 23.11.4.2 through 24.7.4.1, which stems from the presence of an arbitrary code execution vulnerability that is passed to the eval function and executed on the server if...

8.8 CVSS · 7.4 AI score · 0.00438 EPSS
Exploits: 1 · References: 2
CNNVD
added 2024/09/12 12:00 a.m. · 3 views

MindsDB Security Vulnerability

MindsDB is an emerging low-code machine learning platform from MindsDB, Inc. A security vulnerability exists in MindsDB versions 23.12.4.0 through 24.7.4.1, which stems from the presence of an arbitrary code execution vulnerability that is passed to the eval function and executed on the server if...

8.8 CVSS · 7.4 AI score · 0.00438 EPSS
Exploits: 1 · References: 2
Positive Technologies
added 2024/09/10 12:00 a.m. · 2 views

PT-2024-6371 · Mindsdb +1

Name of the Vulnerable Software and Affected Versions: MindsDB versions 23.10.3.0 through 24.7.4.1 Description: An arbitrary code execution issue exists when the Weaviate integration is installed on the server. If a specially crafted SELECT WHERE clause containing Python code is run against a...

9 CVSS · 8.2 AI score · 0.00438 EPSS
Exploits: 1 · References: 17
Positive Technologies
added 2024/09/10 12:00 a.m. · 3 views

PT-2024-6368 · Mindsdb

Name of the Vulnerable Software and Affected Versions: MindsDB versions 23.11.4.2 through 24.7.4.1 Description: An arbitrary code execution issue exists when one of several integrations is installed on the server. If a specially crafted UPDATE query containing Python code is run against a databas...

9 CVSS · 8.4 AI score · 0.00438 EPSS
Exploits: 1 · References: 16
The Hacker News
added 2024/08/26 10:31 a.m. · 42 views

Researchers Identify Over 20 Supply Chain Vulnerabilities in MLOps Platforms

Cybersecurity researchers are warning about the security risks in the machine learning (ML) software supply chain following the discovery of more than 20 vulnerabilities that could be exploited to target MLOps platforms. These vulnerabilities, which are described as inherent- and implementation-bas...

9.8 CVSS · 9.5 AI score · 0.92192 EPSS
Exploits: 8
Vulnrichment
added 2024/08/20 2:55 p.m. · 38 views

CVE-2024-43404 Remote Code Execution Vulnerability in MEGABOT

MEGABOT is a fully customized Discord bot for learning and fun. The /math command and functionality of MEGABOT versions 1.5.0 contains a remote code execution vulnerability due to a Python eval. The vulnerability allows an attacker to inject Python code into the expression parameter when using...

9.8 CVSS · 8 AI score · 0.04336 EPSS
Exploits: 0 · References: 5
CNNVD
added 2024/08/20 12:00 a.m. · 1 views

MEGABOT Discord Bot Security Vulnerability

MEGABOT Discord Bot is a fully customized Discord bot by individual developer Nic Jones. It is used for learning and entertainment. A security vulnerability exists in MEGABOT Discord Bot versions prior to 1.5.0, which stems from the presence of a remote code execution issue that allows an attacker ...

9.8 CVSS · 7.8 AI score · 0.04336 EPSS
Exploits: 0 · References: 6
OSV
added 2024/08/08 12:15 a.m. · 1 views

CVE-2024-6891

Attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow...

8.8 CVSS · 7.4 AI score · 0.00156 EPSS
Exploits: 3 · References: 2
NVD
added 2024/08/08 12:15 a.m. · 16 views

CVE-2024-6891

Attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow...

8.8 CVSS · 0.00156 EPSS
Exploits: 3 · References: 2
0day.today
added 2024/08/08 12:00 a.m. · 313 views

Open WebUI 0.1.105 File Upload / Path Traversal Vulnerabilities

Title: Open WebUI Arbitrary File Upload + Path Traversal Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-006.txt 1. Vulnerability Details Affected Vendor: Open WebUI Affected Product: Open WebUI Affected Version: 0.1.105 Platform: Debian 12 CWE Classification: CWE-22:...

8.8 CVSS · 8.8 AI score · 0.00203 EPSS
Exploits: 3
Vulnrichment
added 2024/08/07 11:13 p.m. · 13 views

CVE-2024-6891 Journyx Authenticated Remote Code Execution

Attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow...

7.6 AI score · 0.00156 EPSS
Exploits: 3 · References: 1
Positive Technologies
added 2024/08/07 12:00 a.m. · 2 views

PT-2024-37932 · Journyx

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: Attackers with a valid username and password can exploit a python code injection vulnerability during the natural login flow. This issue allows for the...

8.8 CVSS · 7.3 AI score · 0.00156 EPSS
Exploits: 3 · References: 6
The Hacker News
added 2024/07/26 6:19 a.m. · 22 views

Ongoing Cyberattack Targets Exposed Selenium Grid Services for Crypto Mining

Cybersecurity researchers are sounding the alarm over an ongoing campaign that's leveraging internet-exposed Selenium Grid services for illicit cryptocurrency mining. Cloud security firm Wiz is tracking the activity under the name SeleniumGreed. The campaign, which is targeting older versions of...

8.3 AI score
Exploits: 0