6 matches found

Github Security Blog
added 2026/05/21 6:31 a.m., 6 views

MLflow authenticated users can enumerate any registered model versions due to lack of per-model permissions checks

In mlflow/mlflow versions up to 3.9.0, the SearchModelVersions REST API endpoint and the mlflowSearchModelVersions GraphQL query lack proper per-model authorization checks when basic authentication is enabled. This allows any authenticated user to enumerate all model versions across all registere...

CVSS 6.5 | AI score 6.3 | EPSS 0.00396
Exploits: 1 | References: 4 | Affected Software: 1
NVD
added 2026/05/21 5:16 a.m., 16 views

CVE-2026-2734

In mlflow/mlflow versions up to 3.9.0, the SearchModelVersions REST API endpoint and the mlflowSearchModelVersions GraphQL query lack proper per-model authorization checks when basic authentication is enabled. This allows any authenticated user to enumerate all model versions across all registere...

CVSS 6.5 | EPSS 0.00396
Exploits: 1 | References: 2
CVE
added 2026/05/15 6:36 p.m., 12 views

CVE-2026-45009

CVE-2026-45009 affects phpMyFAQ prior to 4.1.2. The issue is an insufficient authorization check in admin-api routes, allowing authenticated ordinary users to access administrative endpoints without verifying backend privileges. This can expose sensitive backend information such as dashboard vers...

CVSS 5.3 | AI score 5.8 | EPSS 0.00168
Exploits: 0 | References: 2
CVE
added 2026/03/19 10:1 p.m., 13 views

CVE-2026-33355

Discourse (open-source) is affected by CVE-2026-33355. The vulnerability affects the /private-posts endpoint where post-type visibility filtering was not applied, enabling regular PM participants to see whisper posts in PM topics to which they had access. Affected versions are 2026.3.0-latest.1, ...

CVSS 6.5 | AI score 5.8 | EPSS 0.00414
Exploits: 0 | References: 4 | Affected Software: 1
IBM Security Bulletins
added 2025/09/18 2:51 p.m., 8 views

Security Bulletin: Information Disclosure in IBM Lakehouse Allows Authenticated Users to Obtain Server Component Version Details, affects watsonx.data

Summary IBM Lakehouse could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-36181 DESCRIPTION: IBM Lakehouse could allow an authenticated...

AI score 6.1
Exploits: 0 | Affected Software: 1
Vulnrichment
added 2025/08/14 9:7 a.m., 3 views

CVE-2025-48861

A vulnerability in the Task API endpoint of the ctrlX OS setup mechanism allowed a remote, unauthenticated attacker to access and extract internal application data, including potential debug logs and the version of installed apps...

CVSS 5.3 | AI score 7.2 | EPSS 0.00279
Exploits: 0 | References: 1