CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

978 matches found

Github Security Blog•added 2024/09/12 3:33 p.m.•21 views

MindsDB Eval Injection vulnerability

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list item creation. If such a...

8.8CVSS7.7AI score0.00864EPSS

Exploits1References5Affected Software1

OSV•added 2024/09/12 3:33 p.m.•7 views

GHSA-WCJW-3V6P-4V3R MindsDB Eval Injection vulnerability

An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted ‘SELECT WHERE’ clause containing Python code is run against a database created with the Weaviate engine,...

8.8CVSS8.8AI score0.02148EPSS

Exploits1References5

OSV•added 2024/09/12 3:33 p.m.•13 views

GHSA-C85F-PCX6-2GHM MindsDB Eval Injection vulnerability

8.8CVSS8.7AI score0.00864EPSS

Exploits1References5

OSV•added 2024/09/12 3:33 p.m.•6 views

GHSA-V6G6-3CM3-VF6C MindsDB Eval Injection vulnerability

8.8CVSS8.7AI score0.00864EPSS

Exploits1References5

OSV•added 2024/09/12 3:33 p.m.•8 views

GHSA-CRMG-RP64-5CM3 MindsDB Eval Injection vulnerability

An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the specified integration...

8.8CVSS8.8AI score0.00851EPSS

Exploits1References4

OSV•added 2024/09/12 3:33 p.m.•5 views

GHSA-G2M8-F3X2-QPRW Refuel Autolab Eval Injection vulnerability

An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user creates a classification task using a maliciously crafted CSV file containing Python code, the code...

8.6CVSS7.8AI score0.00349EPSS

Exploits0References4

OSV•added 2024/09/12 3:33 p.m.•8 views

GHSA-9GQ6-6936-885W MindsDB Eval Injection vulnerability

An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted ‘INSERT’ query containing Python code is run against a database created with the ChromaDB engine, the cod...

8.8CVSS8.8AI score0.00844EPSS

Exploits1References5

Github Security Blog•added 2024/09/12 3:33 p.m.•18 views

MindsDB Eval Injection vulnerability

8.8CVSS7.6AI score0.00864EPSS

Exploits1References5Affected Software1

Github Security Blog•added 2024/09/12 3:33 p.m.•17 views

MindsDB Eval Injection vulnerability

8.8CVSS7.5AI score0.00844EPSS

Exploits1References5Affected Software1

Github Security Blog•added 2024/09/12 3:33 p.m.•14 views

MindsDB Eval Injection vulnerability

8.8CVSS7.5AI score0.02148EPSS

Exploits1References5Affected Software1

Github Security Blog•added 2024/09/12 3:33 p.m.•18 views

MindsDB Eval Injection vulnerability

8.8CVSS7.7AI score0.00864EPSS

Exploits1References5Affected Software1

OSV•added 2024/09/12 3:33 p.m.•8 views

GHSA-4FGP-7VVM-M4JF Refuel Autolab Eval Injection vulnerability

An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files. If a user creates a multilabel classification task using a maliciously crafted CSV file containing Python...

8.6CVSS7.8AI score0.00349EPSS

Exploits0References4