Lucene search
K

4 matches found

Veracode
Veracode
added 2025/04/01 2:36 a.m.5 views

Cross-Site Request Forgery (CSRF)

mlflow is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to lack of proper protection mechanisms in the Signup feature, allowing an attacker to craft malicious requests to create an account and perform unauthorized actions...

7.1CVSS7AI score0.00202EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2025/03/20 6:47 p.m.2 views

Cross-site Request Forgery (CSRF)

Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF through the Signup feature. An...

7.1CVSS7.1AI score0.00202EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/02/20 12:0 a.m.3 views

PT-2025-7512 · Mlflow · Mlflow

Name of the Vulnerable Software and Affected Versions: mlflow/mlflow versions 2.17.0 through 2.20.1 Description: A Cross-Site Request Forgery CSRF issue exists in the Signup feature. This allows an attacker to create a new account, which can be used to perform unauthorized actions on behalf of th...

7.1CVSS5.3AI score0.00202EPSS
Exploits1References13
Hacker One
Hacker One
added 2018/06/02 9:35 p.m.30 views

Liberapay: Liberapay Non Verified Account Takeover with signup feature

Hi, So i saw a strange behaviour of your web on signup feature when that can be escalated to Account Takeover but for limited timeline, Issue: When a New user signup for an account on https://en.liberapay.com/ he have to enter his email address only and it doesn't say anything about sending a...

7AI score
Exploits0
Rows per page
Query Builder