7 matches found

Snyk
added 2026/05/21 7:35 a.m. | 7 views

Access Control Bypass

Overview: mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Access Control Bypass via the SearchModelVersions REST API endpoin...

CVSS 7.1 | AI score 6.7 | EPSS 0.00396
Exploits: 1 | References: 2
Cvelist
added 2026/05/21 3:49 a.m. | 41 views

CVE-2026-2734 Authorization Bypass in SearchModelVersions in mlflow/mlflow

In mlflow/mlflow versions up to 3.9.0, the SearchModelVersions REST API endpoint and the mlflowSearchModelVersions GraphQL query lack proper per-model authorization checks when basic authentication is enabled. This allows any authenticated user to enumerate all model versions across all registere...

CVSS 6.5 | EPSS 0.00396
Exploits: 1 | References: 2
Vulnrichment
added 2026/05/21 3:49 a.m. | 7 views

CVE-2026-2734 Authorization Bypass in SearchModelVersions in mlflow/mlflow

In mlflow/mlflow versions up to 3.9.0, the SearchModelVersions REST API endpoint and the mlflowSearchModelVersions GraphQL query lack proper per-model authorization checks when basic authentication is enabled. This allows any authenticated user to enumerate all model versions across all registere...

CVSS 6.5 | AI score 6.5 | EPSS 0.00396
Exploits: 1 | References: 2
CNNVD
added 2026/05/21 12:0 a.m. | 7 views

MLflow Access Control Error Vulnerability

MLflow is an open-source platform that simplifies machine learning development. It includes features for tracking experiments, packaging code into repeatable runs, and sharing and deploying models. Versions of mlflow prior to 3.9.0 contained an access control vulnerability. This vulnerability...

CVSS 6.5 | AI score 6.7 | EPSS 0.00396
Exploits: 1 | References: 2
Openbugbounty
added 2017/10/04 1:27 a.m. | 16 views

siamphone.com XSS vulnerability

Vulnerable URL: http://www.siamphone.com/search//ajaxsearchmodel.php?jsoncallback=prompt/OPENBUGBOUNTY/...

AI score 6.9
Exploits: 0
Prion
added 2016/11/15 11:59 a.m. | 10 views

SQL injection

In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. The method getSearchResults is defined in the search model with the parameter '$term' used directly in SQL. Impact is a SQL injection...

CVSS 7.5 | AI score 8.2 | EPSS 0.0149
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2016/11/15 11:59 a.m. | 13 views

CVE-2016-9287

In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. The method getSearchResults is defined in the search model with the parameter '$term' used directly in SQL. Impact is a SQL injection...

CVSS 9.8 | AI score 9.9 | EPSS 0.0149
Exploits: 0 | References: 2