BIT-MLFLOW-2026-10803 MLflow Dataset Digest Computation digest_utils.py mlflow.data.digest_utils weak hash
A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digest_utils of the file mlflow/data/digest_utils.py of the component Dataset Digest Computation. This manipulation causes use of weak hash. It is possible to launch the attack on the local host. The attack is...
GHSA-67C5-X5MF-RPPQ MLflow: Improper Origin Validation in MLflow Assistant /ajax-api Endpoints Enables Browser-Mediated Local Command Execution
In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a victim's local machine. ...
NPM: VM2 Has Sandbox Breakout Through Inspect Function
NPM: VM2 Has Sandbox Breakout Through Inspect Function vulnerability discovered by ? in WordPress Npm vm2 versions = 3.10.3...
CVE-2026-0549 Groups <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'groups_group_info' Shortcode
The Groups plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'groups_group_info' shortcode in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000575)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000575 advisory. An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious...
PT-2025-48483
Incorrect access control in the SDAgent component of Shirt Pocket SuperDuper! v3.10 allows attackers to escalate privileges to root due to the improper use of a setuid binary...
CVE-2025-61228
An issue in Shirt Pocket SuperDuper! V.3.10 and before allows a local attacker to execute arbitrary code via the software update mechanism...
CVE-2024-3891
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML tags in widgets in all versions up to, and including, 3.10.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-10832
The Posti Shipping plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the accountnumber and secretkey parameters in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
UBUNTU-CVE-2024-37674
Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name name parameter of a new activity...
CVE-2024-37222
Cross Site Scripting (XSS) vulnerability in Averta Master Slider allows Reflected XSS. This issue affects Master Slider: from n/a through 3.10.0...
WordPress plugin Menu Image, Icons made easy Cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin Menu Image, Icons made eas...
PT-2022-26016 · Siemens · Sicam P855 +1
Name of the Vulnerable Software and Affected Versions: SICAM P850 versions prior to V3.10 SICAM P855 versions prior to V3.10 Description: The affected devices do not properly validate the parameter of a specific GET request. This could allow an attacker to set the device to a denial of service...
PT-2022-34529 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v3.10 through v4.14.290 Description: The issue is related to a refcount leak in the bcm_kona_smc_init function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versio...
PT-2022-9905
Name of the Vulnerable Software and Affected Versions: Python versions 3.x through 3.10 Description: The issue is related to an open redirection vulnerability in lib/http/server.py due to no protection against multiple / at the beginning of URI path, which may lead to information disclosure. It is...
PT-2021-14791 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle version 3.10 Description: A command execution vulnerability exists in the default legacy spellchecker plugin. This issue can be exploited through a specially crafted series of HTTP requests, leading to command execution. An attacker mu...
CVE-2017-0452
An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Androi...
CVE-2017-0448
An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions...
CVE-2016-8476
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions:...
UBUNTU-CVE-2017-0427
An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...