| Page(s) : 1 [2] 3 4 5 6 7 8 9 10 11 12 ... | Result(s) : 271074 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| N/A | 2024-04-16 | CVE-2024-1456 | cve | An S3 bucket takeover vulnerability was identified in the h2oai/h2o-3 repository. The issue involves the S3 bucket 'http://s3.amazonaws.com/h2o-training', which was fo... |
| N/A | 2024-04-16 | CVE-2024-1483 | cve | A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with... |
| N/A | 2024-04-16 | CVE-2024-1558 | cve | A path traversal vulnerability exists in the `_create_model_version()` function within `server/handlers.py` of the mlflow/mlflow repository, due to improper validation of the `s... |
| N/A | 2024-04-16 | CVE-2024-1560 | cve | A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploitin... |
| N/A | 2024-04-16 | CVE-2024-1561 | cve | An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of any method on a `Component` class with attacker-controll... |
| N/A | 2024-04-16 | CVE-2024-1569 | cve | parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the `/open_code_in_vs_code` and similar e... |
| N/A | 2024-04-16 | CVE-2024-1593 | cve | A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the ';' c... |
| N/A | 2024-04-16 | CVE-2024-1594 | cve | A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the `artifact_location` parameter when creating an experiment. Attacke... |
| N/A | 2024-04-16 | CVE-2024-1601 | cve | An SQL injection vulnerability exists in the `delete_discussion()` function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message ... |
| N/A | 2024-04-16 | CVE-2024-1626 | cve | An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary repository, version 0.3.0, within the project update endpoint. The vulnerability allows a... |
| N/A | 2024-04-16 | CVE-2024-1646 | cve | parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0... |
| N/A | 2024-04-16 | CVE-2024-1665 | cve | lunary-ai/lunary version 1.0.0 is vulnerable to unauthorized evaluation creation due to missing server-side checks for user account status during evaluation creation. While the ... |
| N/A | 2024-04-16 | CVE-2024-1666 | cve | In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. The vulnerability stems from the lack of server-side checks to verify if... |
| N/A | 2024-04-16 | CVE-2024-1738 | cve | An incorrect authorization vulnerability exists in the lunary-ai/lunary repository, specifically within the evaluations.get route in the evaluations API endpoint. This vulnerabi... |
| N/A | 2024-04-16 | CVE-2024-1739 | cve | lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email ... |
| N/A | 2024-04-16 | CVE-2024-1961 | cve | vertaai/modeldb is vulnerable to a path traversal attack due to improper sanitization of user-supplied file paths in its file upload functionality. Attackers can exploit this vu... |
| N/A | 2024-04-16 | CVE-2024-2083 | cve | A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipula... |
| N/A | 2024-04-16 | CVE-2024-2260 | cve | A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an att... |
| N/A | 2024-04-16 | CVE-2024-2912 | cve | An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted POST request. By exploiting this v... |
| N/A | 2024-04-16 | CVE-2024-30567 | cve | An issue in JNT Telecom JNT Liftcom UMS V1.J Core Version JM-V15 allows a remote attacker to execute arbitrary code via the Network Troubleshooting functionality. |
| Page(s) : 1 [2] 3 4 5 6 7 8 9 10 11 12 ... | Result(s) : 271074 |
