Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:20 a.m.4 views

CVE-2024-2171

A stored Cross-Site Scripting XSS vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logourl' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The...

4.8CVSS4.8AI score0.00364EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:9 a.m.6 views

CVE-2024-2083

A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs' URI path in the request to fetch arbitrary file content, bypassing intended access restrictions. The...

9.9CVSS9.4AI score0.3909EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2024-0195

Malicious code in bioql PyPI...

4.8CVSS4.4AI score0.00364EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-0194

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00623EPSS
Exploits1References7
NVD
NVD
added 2024/06/06 7:15 p.m.31 views

CVE-2024-2035

An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the active status of user accounts to false,...

6.5CVSS0.00623EPSS
Exploits1References2
NVD
NVD
added 2024/06/06 7:15 p.m.26 views

CVE-2024-2171

A stored Cross-Site Scripting XSS vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logourl' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The...

4.8CVSS0.00364EPSS
Exploits1References2
OSV
OSV
added 2024/06/06 7:15 p.m.12 views

PYSEC-2024-169

An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the active status of user accounts to false,...

6.5CVSS6.3AI score0.00623EPSS
Exploits1References6
CVE
CVE
added 2024/06/06 6:22 p.m.60 views

CVE-2024-2171

ZenML stored XSS (CVE-2024-2171) affects ZenML prior to 0.56.2 due to unsafely accepted content in the repository field logo_url . The issue is a stored XSS that could allow an attacker to inject payloads, potentially compromising user accounts. Affected version: 0.55.3; fix: 0.56.2. Multiple con...

4.8CVSS3.7AI score0.00364EPSS
Exploits1References2Affected Software1
PyPA
PyPA
added 2024/04/16 12:15 a.m.10 views

PYSEC-2024-247

A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs' URI path in the request to fetch arbitrary file content, bypassing intended access restrictions. The...

9.9CVSS7AI score0.3909EPSS
Exploits2References5Affected Software1
OSV
OSV
added 2024/04/16 12:15 a.m.28 views

CVE-2024-2083

A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs' URI path in the request to fetch arbitrary file content, bypassing intended access restrictions. The...

9.9CVSS7AI score
Exploits0References2
OSV
OSV
added 2024/04/16 12:15 a.m.5 views

PYSEC-2024-247

A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs' URI path in the request to fetch arbitrary file content, bypassing intended access restrictions. The...

9.9CVSS7.2AI score0.3909EPSS
Exploits2References5
Rows per page
Query Builder