Lucene search
+L

508 matches found

NVD
NVD
added 2026/05/15 3:16 a.m.34 views

CVE-2026-2652

A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled --app-name basic-auth and served via uvicorn ASGI. The FastAPI permission middleware only enforces authentication on /gateway/...

8.6CVSS0.01502EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/15 2:13 a.m.10 views

CVE-2026-2652 Authentication Bypass in mlflow/mlflow

A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled --app-name basic-auth and served via uvicorn ASGI. The FastAPI permission middleware only enforces authentication on /gateway/...

8.6CVSS7.5AI score0.01502EPSS
Exploits1References2
OSV
OSV
added 2026/05/15 2:13 a.m.3 views

CVE-2026-2652 Authentication Bypass in mlflow/mlflow

A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled --app-name basic-auth and served via uvicorn ASGI. The FastAPI permission middleware only enforces authentication on /gateway/...

8.6CVSS7.4AI score0.01502EPSS
Exploits1References4
Packet Storm News
Packet Storm News
added 2026/05/13 12:0 a.m.29 views

No Attack Required: Semantic Fuzzing for Specification Violations in Agent Skills

LLM-powered agents can silently delete documents, leak credentials, or transfer funds on a routine user request, not because the agent was attacked, but because the skill it invoked broke its own declared safety rules. We call these specification violations: benign inputs cause a skill to breach...

5.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/12 4:36 a.m.11 views

Malicious code in @uipath/traces-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4875a66ac70789891a0be8418fb640e648e30654ea5f5d3a8f5f7b9760f70e93 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References6
OSV
OSV
added 2026/05/12 4:36 a.m.13 views

MAL-2026-3582 Malicious code in @uipath/traces-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4875a66ac70789891a0be8418fb640e648e30654ea5f5d3a8f5f7b9760f70e93 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/05/12 3:31 a.m.9 views

SUSE CVE-2026-43298

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Skip vcn poison irq release on VF VF doesn't enable VCN poison irq in VCNv2.5. Skip releasing it and avoid call trace during deinitialization. 71.913601 drm clean up the vf2pf work item 71.915088 ------------ cut here...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/11 4:36 p.m.51 views

CVE-2026-44226 pyLoad: Unauthenticated traceback disclosure via global exception handler in WebUI

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, pyload-ng WebUI returns full Python traceback details to clients on unhandled exceptions. Because /web/ is reachable without authentication and renders attacker-controlled template names, an...

5.3CVSS0.00336EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/11 4:36 p.m.6 views

CVE-2026-44226

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, pyload-ng WebUI returns full Python traceback details to clients on unhandled exceptions. Because /web/ is reachable without authentication and renders attacker-controlled template names, an...

5.3CVSS5.8AI score0.00336EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/11 4:36 p.m.8 views

CVE-2026-44226 pyLoad: Unauthenticated traceback disclosure via global exception handler in WebUI

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, pyload-ng WebUI returns full Python traceback details to clients on unhandled exceptions. Because /web/ is reachable without authentication and renders attacker-controlled template names, an...

5.3CVSS5.8AI score0.00336EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

pyLoad 安全漏洞

pyLoad is an open-source download manager written in Python. Versions of pyLoad prior to 0.5.0b3.dev100 contained security vulnerabilities. These vulnerabilities stemmed from the WebUI returning complete Python trace details when exceptions were not handled properly. This could allow...

5.3CVSS5.8AI score0.00336EPSS
Exploits1References1
Packet Storm News
Packet Storm News
added 2026/05/11 12:0 a.m.35 views

Continuous Discovery of Vulnerabilities in LLM Serving Systems with Fuzzing

LLM inference and serving systems have become security-critical infrastructure; however, many of their most concerning failures arise from the serving layer rather than from model behavior alone. Modern inference engines combine KV cache, batching, prefix sharing, speculative decoding, adapters,...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/05/08 3:31 p.m.12 views

EUVD-2026-28568

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Skip vcn poison irq release on VF VF doesn't enable VCN poison irq in VCNv2.5. Skip releasing it and avoid call trace during deinitialization. 71.913601 drm clean up the vf2pf work item 71.915088 ------------ cut here...

5.7AI score0.00121EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/05/07 5:29 p.m.9 views

python-markdown: denial of service via malformed HTML-like sequences

A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive informati...

8.2CVSS7.2AI score0.00566EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.24 views

PT-2026-38393

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.0 Description The CallSite wrapper class, designed as a safe wrapper for V8's native CallSite, fails to sanitize the output of the getFileName function. While the class blocks getThis and getFunction to prevent host...

5.8CVSS5.9AI score0.00241EPSS
Exploits1References7
OSV
OSV
added 2026/05/06 9:39 p.m.28 views

GHSA-QRCH-52M5-VV85 Flight vulnerable to sensitive information disclosure via default error handler

Summary The default error handler Engine::error writes the full exception message, exception code, and stack trace including absolute filesystem paths directly into the HTTP 500 response, with no debug gating. Production deployments leak internal paths, any secret interpolated into an exception...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/06 5:54 p.m.10 views

Information Exposure

Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Information Exposure via the global exception handling process in the WebUI. An attacker can obtain sensitive internal implementation details, such as stack...

6.9CVSS5.8AI score0.00336EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/06 12:30 p.m.10 views

EUVD-2025-209665

HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the application's internal structure, code logic, and environment configurations...

3.1CVSS5.9AI score0.00166EPSS
Exploits0References2
NVD
NVD
added 2026/05/06 11:16 a.m.12 views

CVE-2025-59853

HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the application's internal structure, code logic, and environment configurations...

5.3CVSS0.00166EPSS
Exploits0References1
CVE
CVE
added 2026/05/06 10:26 a.m.19 views

CVE-2025-59853

Technical details (affected software/versions/root cause/impact) are not publicly provided in the supplied documents; monitor for updates from vendors and authorities.

5.3CVSS5.9AI score0.00166EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder