98 matches found
CVE-2024-1558 Path Traversal Vulnerability in mlflow/mlflow
A path traversal vulnerability exists in the createmodelversion function within server/handlers.py of the mlflow/mlflow repository, due to improper validation of the source parameter. Attackers can exploit this vulnerability by crafting a source parameter that bypasses the...
PT-2024-18129 · Mlflow · Mlflow
Name of the Vulnerable Software and Affected Versions: mlflow/mlflow (affected versions not specified). Description: A path traversal issue exists due to improper validation of the source parameter in the create model version function. This allows attackers to bypass checks by the validate non local...
Mlflow Path Traversal Vulnerability
Mlflow is an open source platform for machine learning lifecycles. A path traversal vulnerability exists in Mlflow due to improper validation of the "source" parameter. An attacker can use this vulnerability to read and access arbitrary files on the server...
go2rtc Cross-Site Scripting Vulnerability
go2rtc is an ultimate camera streaming application by individual developer Alex X that supports RTSP, RTMP, HTTP-FLV, WebRTC, MSE, HLS, MP4, MJPEG, HomeKit, FFmpeg and more. A cross-site scripting vulnerability exists in go2rtc 1.8.5 and earlier versions, which stems from the src GET parameter in...
Kubeflow Cross-Site Scripting Vulnerability
Kubeflow is a cloud-native platform open-sourced by Kubeflow. A cross-site scripting vulnerability exists in Kubeflow, which stems from a lack of effective filtering and escaping of user-supplied data in the source parameter. An attacker can use this vulnerability to hijack the account through...
CVE-2023-45480
Tenda AC10 version USAC10V4.0siV16.03.10.13cn was discovered to contain a stack overflow via the src parameter in the function sub47D878...
CVE-2023-1384
The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter, allowing arbitrary JavaScript code to be run. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3...
Ubiquiti EdgeRouter Command Injection Vulnerability
The Ubiquiti EdgeRouter is a router from Ubiquiti, Inc. A command injection vulnerability exists in Ubiquiti EdgeRouter X version 2.0.9-hotfix.6 and prior versions, which stems from an incorrect manipulation of the parameter src that can lead to command injection...
GHSA-W974-RQ9X-MH3V Pandao Editor.md vulnerable to cross-site scripting (XSS) in iframe src parameter
Cross-site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script in the src parameter...
Liferea OS Command Injection Vulnerability
Liferea is a desktop subscription feed reader/news aggregator from the individual developer Lars Windolf. It brings together all the content of a customer's favorite subscriptions into a simple interface that makes it easy to organize and browse subscription feeds. Liferea suffers from an OS...
Horde Groupware Webmail Edition Insecure Deserialization (CVE-2022-30287)
An insecure deserialization vulnerability exists in Horde Groupware Webmail Edition. This vulnerability is due to improper input validation of the source parameter used for fetching an address book configuration...
PT-2022-25359 · Z Blogphp · Z-Blogphp
Name of the Vulnerable Software and Affected Versions: Z-BlogPHP versions prior to 1.7.3. Description: A security issue was discovered that allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the source parameter, due to a Server-Side...
Z-BlogPHP Code Issue Vulnerability
Z-BlogPHP is an open source PHP-based blogging system for the Z-blog community. A security vulnerability exists in Z-BlogPHP 1.7.2 and earlier versions, which stems from a server-side request forgery (SSRF) vulnerability in the zbusers/plugin/UEditor/php/actioncrawler.php file that allows a remote...
CVE-2022-23980
Cross-Site Scripting (XSS) vulnerability discovered in Yasr – Yet Another Stars Rating WordPress plugin versions = 2.9.9, vulnerable at parameter 'source'...
CVE-2021-25074
The WebP Converter for Media WordPress plugin before 4.0.3 contains a file passthru.php which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect issue...
CVE-2020-23534
A server-side request forgery (SSRF) vulnerability in Upgrade.php of gopeak masterlab 2.1.5, via the 'source' parameter...
Server-Side Request Forgery (SSRF)
A server-side request forgery (SSRF) vulnerability in Upgrade.php of gopeak masterlab 2.1.5, via the 'source' parameter...
Sven gopeak masterlab code issue vulnerability
Sven gopeak masterlab is a Sven open source application that provides simple and efficient project management tools based on agile development. A code issue vulnerability exists in the Upgrade.php source parameter of gopeak masterlab 2.1.5...
Command injection
KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec on the original value of the source parameter...