Search Results (367078 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-1483 1 Lfprojects 1 Mlflow 2025-02-03 7.5 High
A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifact_location' and 'source' parameters, using a local URI with '#' instead of '?', an attacker can traverse the server's directory structure. The issue occurs due to insufficient validation of user-supplied input in the server's handlers.
CVE-2024-28973 1 Dell 9 Data Domain Operating System, Dd3300, Dd6400 and 6 more 2025-02-03 5.9 Medium
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a high privileged victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery
CVE-2024-37061 1 Lfprojects 1 Mlflow 2025-02-03 8.8 High
Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted MLproject to execute arbitrary code on an end user’s system when run.
CVE-2024-47476 1 Dell 1 Networker Management Console 2025-02-03 7.8 High
Dell NetWorker Management Console, version(s) 19.11, contain(s) an Improper Verification of Cryptographic Signature vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Code execution.
CVE-2024-37060 1 Lfprojects 1 Mlflow 2025-02-03 8.8 High
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end user’s system when run.
CVE-2024-37059 1 Lfprojects 1 Mlflow 2025-02-03 8.8 High
Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s system when interacted with.
CVE-2024-37058 1 Lfprojects 1 Mlflow 2025-02-03 8.8 High
Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.5.0 or newer, enabling a maliciously uploaded Langchain AgentExecutor model to run arbitrary code on an end user’s system when interacted with.
CVE-2024-37057 1 Lfprojects 1 Mlflow 2025-02-03 8.8 High
Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0rc0 or newer, enabling a maliciously uploaded Tensorflow model to run arbitrary code on an end user’s system when interacted with.
CVE-2024-37056 1 Lfprojects 1 Mlflow 2025-02-03 8.8 High
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user’s system when interacted with.
CVE-2024-37055 1 Lfprojects 1 Mlflow 2025-02-03 8.8 High
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.0 or newer, enabling a maliciously uploaded pmdarima model to run arbitrary code on an end user’s system when interacted with.
CVE-2024-37054 1 Lfprojects 1 Mlflow 2025-02-03 8.8 High
Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with.
CVE-2024-42422 1 Dell 1 Networker 2025-02-03 8.3 High
Dell NetWorker, version(s) 19.10, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
CVE-2024-37053 1 Lfprojects 1 Mlflow 2025-02-03 8.8 High
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with.
CVE-2024-37052 1 Lfprojects 1 Mlflow 2025-02-03 8.8 High
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with.
CVE-2018-9389 1 Google 1 Android 2025-02-03 5.1 Medium
In ip6_append_data of ip6_output.c, there is a possible way to achieve code execution due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2019-19245 1 Napc 1 Xinet Elegant 6 Asset Library 2025-02-02 9.8 Critical
NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication SQL Injection via the /elegant6/login LoginForm[username] field when double quotes are used.
CVE-2022-4118 1 Coinmarketstats 1 Bitcoin \/ Altcoin Payment Gateway For Woocommerce 2025-01-31 9.8 Critical
The Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop WordPress plugin through 1.7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated users
CVE-2024-57775 1 Jfinaloa Project 1 Jfinaloa 2025-01-31 8.8 High
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid.
CVE-2024-55503 2 Apple, Termius 2 Macos, Termius 2025-01-31 3.3 Low
An issue in termius before v.9.9.0 allows a local attacker to execute arbitrary code via a crafted script to the DYLD_INSERT_LIBRARIES component.
CVE-2024-53407 1 Phiewer 1 Phiewer 2025-01-31 3.3 Low
In Phiewer 4.1.0, a dylib injection leads to Command Execution which allow attackers to inject dylib file potentially leading to remote control and unauthorized access to sensitive user data.