
30 matches found

Source: RedhatCVE (added 2025/05/23 8:29 a.m.)

CVE-2024-5062

A reflected Cross-Site Scripting (XSS) vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a...

CVSS 6.1 | AI score 5.7 | EPSS 0.00388
Exploits: 1 | References: 1

Source: OSV (added 2024/11/14 6:15 p.m.)

CVE-2024-4311

zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rate-limiting in the password change function. An attacker can brute-force the current password in the 'Update Password' function, allowing them to take over the user's account. This vulnerability is due to the...

CVSS 5.4 | AI score 7.3
Exploits: 0 | References: 2

Source: NVD (added 2024/11/14 6:15 p.m.)

CVE-2024-4311

zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rate-limiting in the password change function. An attacker can brute-force the current password in the 'Update Password' function, allowing them to take over the user's account. This vulnerability is due to the...

CVSS 5.4 | EPSS 0.00456
Exploits: 1 | References: 2

Source: Vulnrichment (added 2024/11/14 5:35 p.m.)

CVE-2024-4311 Lack of login attempt rate-limiting in zenml-io/zenml

zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rate-limiting in the password change function. An attacker can brute-force the current password in the 'Update Password' function, allowing them to take over the user's account. This vulnerability is due to the...

CVSS 5.4 | AI score 5.7 | EPSS 0.00456
Exploits: 1 | References: 2

Source: CVE (added 2024/11/14 5:35 p.m.)

CVE-2024-4311

ZenML 0.56.4 is affected by CVE-2024-4311 due to no rate-limiting on the password-change flow, enabling brute-forcing of the current password via /api/v1/current-user and potentially taking over the user account. Affected component: password update function. Impact: account takeover with unauthen...

CVSS 5.4 | AI score 5.6 | EPSS 0.00456
Exploits: 1 | References: 2 | Affected Software: 1

Source: NVD (added 2024/06/30 4:15 p.m.)

CVE-2024-5062

A reflected Cross-Site Scripting (XSS) vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a...

CVSS 6.1 | EPSS 0.00388
Exploits: 1 | References: 2

Source: OSV (added 2024/06/30 4:15 p.m.)

CVE-2024-5062

A reflected Cross-Site Scripting (XSS) vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a...

CVSS 6.1 | AI score 5.7
Exploits: 0 | References: 2

Source: Vulnrichment (added 2024/06/30 3:14 p.m.)

CVE-2024-5062 Reflected XSS through survey redirect parameter in zenml-io/zenml

A reflected Cross-Site Scripting (XSS) vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a...

CVSS 5.3 | AI score 5.7 | EPSS 0.00388
Exploits: 1 | References: 2

Source: CVE (added 2024/06/30 3:14 p.m.)

CVE-2024-5062

CVE-2024-5062: A reflected XSS in zenml-io/zenml

CVSS 6.1 | AI score 5.4 | EPSS 0.00388
Exploits: 1 | References: 2 | Affected Software: 1

Source: Vulnrichment (added 2024/06/24 6:58 a.m.)

CVE-2024-4460

...

AI score 4.6
Exploits: 0

Source: Github Security Blog (added 2024/06/08 9:30 p.m.)

zenml-io/zenml does not expire the session after password reset

A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the...

CVSS 8.8 | AI score 6.9 | EPSS 0.00405
Exploits: 1 | References: 3 | Affected Software: 1

Source: Cvelist (added 2024/06/08 7:38 p.m.)

CVE-2024-4680 Insufficient Session Expiration in zenml-io/zenml

A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the...

CVSS 3.9 | EPSS 0.00405
Exploits: 1 | References: 1

Source: Vulnrichment (added 2024/06/08 7:38 p.m.)

CVE-2024-4680 Insufficient Session Expiration in zenml-io/zenml

A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the...

CVSS 3.9 | AI score 7.2 | EPSS 0.00405
Exploits: 1 | References: 1

Source: OSV (added 2024/06/06 7:15 p.m.)

CVE-2024-2035

An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the active status of user accounts to false,...

CVSS 6.5 | AI score 6.5
Exploits: 0 | References: 2

Source: Vulnrichment (added 2024/06/06 6:49 p.m.)

CVE-2024-2032 Race Condition Vulnerability in zenml-io/zenml

A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerability arises due to insufficient handling of...

CVSS 3.1 | AI score 6.9 | EPSS 0.00289
Exploits: 0 | References: 2

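The CVE-2024-2032 entry above describes the classic check-then-insert race: two signup requests both observe that a username is free, then both insert. The example below is added here to show that pattern and the database-level fix; it is not ZenML's code, and the `users` table, the `name` column and the two-request interleaving are assumptions constructed for the demonstration. It drives two SQLite connections by hand so the race is reproduced deterministically instead of hoping a thread scheduler hits the window.

```python
import os
import sqlite3
import tempfile

# Assumed schema for the example; "UNIQUE" is the fix under test.
SCHEMA = "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL{unique})"


def username_free(conn, name):
    """The application-level check a signup handler runs before inserting."""
    return conn.execute("SELECT 1 FROM users WHERE name = ?", (name,)).fetchone() is None


def insert_user(conn, name):
    conn.execute("INSERT INTO users (name) VALUES (?)", (name,))


def finish_signup(conn, name, check_passed):
    """Second half of check-then-insert; reports how the request ended."""
    if not check_passed:
        return "rejected-by-check"
    try:
        insert_user(conn, name)
    except sqlite3.IntegrityError:
        return "rejected-by-db"  # only possible when the database itself enforces uniqueness
    return "created"


def simulate_signup(name, unique_constraint, interleaved):
    """Run two signup requests for the same name against a fresh database.

    interleaved=False: request A runs check+insert, then request B does.
    interleaved=True : both requests run their check before either inserts, the
                       schedule a pair of parallel requests can hit.
    Returns (rows with that name afterwards, [outcome of A, outcome of B]).
    """
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "users.db")
        setup = sqlite3.connect(path)
        setup.execute(SCHEMA.format(unique=" UNIQUE" if unique_constraint else ""))
        setup.commit()
        setup.close()
        # Two autocommit connections stand in for two independent request handlers.
        req_a = sqlite3.connect(path, isolation_level=None)
        req_b = sqlite3.connect(path, isolation_level=None)
        try:
            if interleaved:
                free_a, free_b = username_free(req_a, name), username_free(req_b, name)
                outcomes = [finish_signup(req_a, name, free_a), finish_signup(req_b, name, free_b)]
            else:
                outcomes = [finish_signup(req_a, name, username_free(req_a, name))]
                outcomes.append(finish_signup(req_b, name, username_free(req_b, name)))
            count = req_a.execute("SELECT COUNT(*) FROM users WHERE name = ?", (name,)).fetchone()[0]
        finally:
            req_a.close()
            req_b.close()
    return count, outcomes
```

Sequential requests behave correctly even without the constraint, which is why this class of bug passes functional tests; only the interleaved schedule produces two rows, and only the UNIQUE constraint turns the second insert into an `IntegrityError` the handler can map to a normal "username taken" response.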
Source: Vulnrichment (added 2024/06/06 6:25 p.m.)

CVE-2024-2035 Improper Authorization in zenml-io/zenml

An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the active status of user accounts to false,...

CVSS 6.5 | AI score 6.5 | EPSS 0.00623
Exploits: 1 | References: 2

Source: CVE (added 2024/06/06 6:25 p.m.)

CVE-2024-2035

ZenML CVE-2024-2035 affects the zenml-io/zenml project. The root cause is improper authorization on the API PUT /api/v1/users/id, allowing any authenticated user to modify other users’ data (including setting active to false), potentially deactivating admin accounts. Affected version: 0.55.3. Mit...

CVSS 6.5 | AI score 6.3 | EPSS 0.00623
Exploits: 1 | References: 2 | Affected Software: 1

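The CVE-2024-2035 entries above describe an endpoint that verified only that the caller was authenticated, not whether the caller was allowed to touch the target record. The example below is an added illustration of the missing object-level authorization check, not ZenML's code: the `User` fields, the split into self-editable and admin-only fields, and the "keep one active admin" guard are assumptions chosen to match the symptom in the description (any user setting another user's `active` to false).

```python
from dataclasses import dataclass


class Forbidden(Exception):
    """Caller is authenticated but not allowed to perform this update."""


@dataclass
class User:
    id: str
    name: str
    full_name: str = ""
    is_admin: bool = False
    active: bool = True


SELF_EDITABLE = {"full_name"}              # assumed: what a user may change on their own record
ADMIN_ONLY = {"name", "active", "is_admin"}  # assumed: status and privilege fields


def make_store():
    """Constructed sample data: one administrator and one ordinary user."""
    users = [User("u-admin", "admin", "Site Admin", is_admin=True), User("u-bob", "bob", "Bob")]
    return {u.id: u for u in users}


def update_user_vulnerable(store, actor, target_id, patch):
    """Authentication only: `actor` exists, so the patch is applied to whoever `target_id` names."""
    target = store[target_id]
    for field_name, value in patch.items():
        setattr(target, field_name, value)
    return target


def update_user(store, actor, target_id, patch):
    """Authorization added: who the actor is decides which record and which fields."""
    if not actor.active:
        raise Forbidden("inactive account")
    if target_id not in store:
        raise KeyError(target_id)
    target = store[target_id]
    unknown = set(patch) - (SELF_EDITABLE | ADMIN_ONLY)
    if unknown:
        raise ValueError("unknown fields: %s" % sorted(unknown))
    if not actor.is_admin:
        if target.id != actor.id:
            raise Forbidden("users may only update their own account")
        if set(patch) & ADMIN_ONLY:
            raise Forbidden("field requires administrator role")
    elif patch.get("active") is False or patch.get("is_admin") is False:
        # Even an admin must not lock the deployment out: keep at least one active admin.
        if target.is_admin and target.active:
            others = [u for u in store.values() if u.is_admin and u.active and u.id != target.id]
            if not others:
                raise Forbidden("cannot deactivate or demote the last active administrator")
    for field_name, value in patch.items():
        setattr(target, field_name, value)
    return target


def forbidden(store, actor_id, target_id, patch):
    """True if the hardened handler refuses the update and leaves the target untouched."""
    before = dict(vars(store[target_id]))
    try:
        update_user(store, store[actor_id], target_id, patch)
    except Forbidden:
        return vars(store[target_id]) == before
    return False
```

The check belongs in the handler for every object-addressed route, not only this one; a route that takes an id in the path and a session in the header must compare the two before it compares anything else.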
Source: Vulnrichment (added 2024/06/06 6:22 p.m.)

CVE-2024-2171 Stored XSS in zenml-io/zenml

A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logourl' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The...

CVSS 3.4 | AI score 5.5 | EPSS 0.00364
Exploits: 1 | References: 2

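Two of the listed findings are about user-supplied URLs reaching a page: the reflected survey redirect parameter (CVE-2024-5062 entries above) and the stored 'logourl' field (CVE-2024-2171, this entry). The example below is added here to show the two controls a practitioner applies to such fields, input validation of the URL and output encoding when it is written into HTML; it is not ZenML's code, and the allow-listed host, parameter handling and tag layout are assumptions. It covers a few forms beyond the plain off-site URL (scheme-relative `//host`, `http:///host`, backslash and userinfo tricks) because those are what typically survive a naive "starts with /" check.

```python
from html import escape
from urllib.parse import urlsplit

# Assumption for the example: the application's own host(s); anything else is off-site.
ALLOWED_REDIRECT_HOSTS = {"dashboard.example.internal"}


def safe_redirect_target(raw, fallback="/"):
    """Return a redirect target that stays on the application, or `fallback`.

    Rejects off-site absolute URLs, scheme-relative '//host', 'http:///host' (which
    browsers normalise to http://host), backslashes ('/\\host' acts like '//host' in
    some browsers), control characters (header injection) and any scheme other than
    http(s), such as javascript: reflected into an href.
    """
    if not raw:
        return fallback
    raw = raw.strip()
    if any(ord(c) < 0x20 or c == "\\" for c in raw):
        return fallback
    try:
        parts = urlsplit(raw)
    except ValueError:  # e.g. malformed IPv6 brackets
        return fallback
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative: only http(s) to an allow-listed host. hostname,
        # not netloc, is compared so 'https://trusted@evil/' resolves to 'evil'.
        if parts.scheme.lower() not in ("http", "https"):
            return fallback
        if not parts.hostname or parts.hostname.lower() not in ALLOWED_REDIRECT_HOSTS:
            return fallback
        return raw
    # Relative target: exactly one leading slash.
    if not parts.path.startswith("/") or parts.path.startswith("//"):
        return fallback
    return raw


def sanitize_logo_url(raw):
    """Accept only an absolute http(s) URL with a host for a stored logo field, else None.

    A stored javascript: or data: URL would run for every viewer of the page.
    """
    if raw is None:
        return None
    raw = raw.strip()
    if not raw or any(ord(c) < 0x20 for c in raw):
        return None
    try:
        parts = urlsplit(raw)
    except ValueError:
        return None
    if parts.scheme.lower() not in ("http", "https") or not parts.hostname:
        return None
    return raw


def render_logo_tag(url):
    """Output encoding: the attribute value is HTML-escaped (quotes included) at write
    time, so a URL that passed validation still cannot break out of src="..."."""
    return '<img src="%s" alt="logo">' % escape(url, quote=True)
```

Validation and encoding are independent layers: `sanitize_logo_url` stops `javascript:` payloads that escaping alone would not (a `javascript:` URL is harmless to HTML syntax and lethal as a `src`), while `render_logo_tag` stops attribute breakout in a URL whose scheme and host are perfectly valid.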
Source: Vulnrichment (added 2024/06/06 6:19 p.m.)

CVE-2024-2213 Improper Authentication in zenml-io/zenml

An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authentication mechanisms, an attacker with access to an active user session can change the account password without needing to know the current password. This vulnerability allows for unauthorized...

CVSS 3.3 | AI score 7 | EPSS 0.00241
Exploits: 1 | References: 2

Source: Cvelist (added 2024/06/06 6:19 p.m.)

CVE-2024-2213 Improper Authentication in zenml-io/zenml

An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authentication mechanisms, an attacker with access to an active user session can change the account password without needing to know the current password. This vulnerability allows for unauthorized...

CVSS 3.3 | EPSS 0.00241
Exploits: 1 | References: 2

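Three of the listed findings concern the same password-change flow: the current password was not required (CVE-2024-2213), checks of the current password were not rate-limited, so it could be brute-forced through the update endpoint (CVE-2024-4311), and existing sessions survived the change (CVE-2024-4680). The example below is an added model of that flow with all three controls in place beside the weak variant; it is not ZenML's code, and the token store, PBKDF2 parameters, attempt limit and window are assumptions chosen for the illustration. The clock is injectable so the sliding window can be exercised without sleeping.

```python
import hashlib
import hmac
import os
import secrets
import time

PBKDF2_ITERATIONS = 100_000      # assumed parameters for the example
MAX_FAILED_CHECKS = 5            # failed current-password checks tolerated per account...
FAILURE_WINDOW_SECONDS = 300.0   # ...within this sliding window


class AuthError(Exception):
    """Authentication failure (bad credentials, no session)."""


class RateLimited(AuthError):
    """Too many failed current-password checks in the window."""


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns salt || digest."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt + digest


def verify_password(password, stored):
    """Constant-time comparison against the stored salt || digest."""
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


class Account:
    def __init__(self, username, password):
        self.username = username
        self.password_hash = hash_password(password)
        self.failed_checks = []  # timestamps of failed current-password checks


class AuthService:
    def __init__(self, clock=time.time):
        self.clock = clock    # injectable so the window is testable deterministically
        self.accounts = {}    # username -> Account
        self.sessions = {}    # bearer token -> username

    def register(self, username, password):
        self.accounts[username] = Account(username, password)

    def login(self, username, password):
        account = self.accounts.get(username)
        if account is None or not verify_password(password, account.password_hash):
            raise AuthError("invalid credentials")
        token = secrets.token_urlsafe(32)
        self.sessions[token] = username
        return token

    def session_valid(self, token):
        return token in self.sessions

    def _account_for(self, token):
        username = self.sessions.get(token)
        if username is None:
            raise AuthError("no active session")
        return self.accounts[username]

    def change_password_vulnerable(self, token, new_password):
        """The weak pattern: a live session is all that is required, the current password
        is never asked for (so there is nothing to rate-limit), and every other session
        of the account keeps working afterwards."""
        account = self._account_for(token)
        account.password_hash = hash_password(new_password)

    def change_password(self, token, current_password, new_password):
        """Hardened: re-authenticate with the current password, throttle failed checks
        per account, and revoke all sessions on success (the caller gets a fresh one)."""
        account = self._account_for(token)
        now = self.clock()
        account.failed_checks = [t for t in account.failed_checks if now - t < FAILURE_WINDOW_SECONDS]
        if len(account.failed_checks) >= MAX_FAILED_CHECKS:
            raise RateLimited("too many failed attempts")
        if not verify_password(current_password, account.password_hash):
            account.failed_checks.append(now)
            raise AuthError("current password is incorrect")
        account.password_hash = hash_password(new_password)
        account.failed_checks.clear()
        for existing, owner in list(self.sessions.items()):
            if owner == account.username:
                del self.sessions[existing]
        fresh = secrets.token_urlsafe(32)
        self.sessions[fresh] = account.username
        return fresh


def raises(exc_type, fn, *args):
    """True if fn(*args) raises exactly exc_type (used to exercise the failure paths)."""
    try:
        fn(*args)
    except AuthError as err:
        return type(err) is exc_type
    return False
```

Throttling per account rather than per source IP is deliberate: a brute-force against the current password in an already-authenticated session comes from whatever address the attacker holds the session on, so the account is the only stable key. The trade-off is that the legitimate owner is also blocked for the window after the attempts, which is acceptable for a password-change path but should be paired with a notification.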