Lucene search
K

10 matches found

Cvelist
Cvelist
added 6 days ago38 views

CVE-2026-8147 Authorization Bypass in mlflow/mlflow

In MLflow versions prior to 3.14.0, when running with authentication enabled, the trace API endpoints lack proper authorization validators. This allows any authenticated user to bypass experiment-level authorization controls on all trace operations, including reading, deleting, and modifying trac...

8.1CVSS0.00348EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 10:10 a.m.7 views

CVE-2019-1010306

Slanger 0.6.0 is affected by: Remote Code Execution RCE. The impact is: A remote attacker can execute arbitrary commands by sending a crafted request to the server. The component is: Message handler & request validator. The attack vector is: Remote unauthenticated. The fixed version is: after...

9.8CVSS8.2AI score0.04042EPSS
Exploits0References1
CNVD
CNVD
added 2019/07/17 12:0 a.m.1 views

Slanger Message handler&request validator command execution vulnerability

Slanger is an open source server implementation of the Pusher protocol written in Ruby.Message handler&request validator is one of the message handler and request validator . A security vulnerability exists in the Message handler&request validator in Slanger version 0.6.0. A remote attacker can...

9.8CVSS7.5AI score0.04042EPSS
Exploits0References1
OSV
OSV
added 2019/07/16 12:41 a.m.12 views

GHSA-RG32-M3HF-772V Slanger Arbitrary command execution

Slanger 0.6.0 is affected by Remote Code Execution RCE. The impact is A remote attacker can execute arbitrary commands by sending a crafted request to the server. The component is Message handler & request validator. The attack vector is Remote unauthenticated. The fixed version is after commit...

9.8CVSS9.9AI score0.04042EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2019/07/16 12:41 a.m.20 views

Slanger Arbitrary command execution

Slanger 0.6.0 is affected by Remote Code Execution RCE. The impact is A remote attacker can execute arbitrary commands by sending a crafted request to the server. The component is Message handler & request validator. The attack vector is Remote unauthenticated. The fixed version is after commit...

9.8CVSS9.7AI score0.04042EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2019/07/15 3:15 p.m.24 views

CVE-2019-1010306

Slanger 0.6.0 is affected by: Remote Code Execution RCE. The impact is: A remote attacker can execute arbitrary commands by sending a crafted request to the server. The component is: Message handler & request validator. The attack vector is: Remote unauthenticated. The fixed version is: after...

9.8CVSS9.9AI score0.04042EPSS
Exploits0References1
OSV
OSV
added 2019/07/15 3:15 p.m.12 views

CVE-2019-1010306

Slanger 0.6.0 is affected by: Remote Code Execution RCE. The impact is: A remote attacker can execute arbitrary commands by sending a crafted request to the server. The component is: Message handler & request validator. The attack vector is: Remote unauthenticated. The fixed version is: after...

9.8CVSS9.9AI score
Exploits0References1
Prion
Prion
added 2019/07/15 3:15 p.m.15 views

Design/Logic Flaw

Slanger 0.6.0 is affected by: Remote Code Execution RCE. The impact is: A remote attacker can execute arbitrary commands by sending a crafted request to the server. The component is: Message handler & request validator. The attack vector is: Remote unauthenticated. The fixed version is: after...

7.5CVSS9.9AI score0.04042EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/07/15 2:32 p.m.22 views

CVE-2019-1010306

Slanger 0.6.0 is affected by: Remote Code Execution RCE. The impact is: A remote attacker can execute arbitrary commands by sending a crafted request to the server. The component is: Message handler & request validator. The attack vector is: Remote unauthenticated. The fixed version is: after...

9.9AI score0.04042EPSS
Exploits0References1
CVE
CVE
added 2019/07/15 2:32 p.m.85 views

CVE-2019-1010306

Slanger 0.6.0 is affected by a Remote Code Execution (RCE) vulnerability in the Message handler and request validator. A remote, unauthenticated attacker can execute arbitrary commands by sending a crafted request to the server. The issue is addressed by a fix committed as 5267b455caeb2e055cccf0d...

9.8CVSS9.8AI score0.04042EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder