Search Results (Refine Search)
- Results Type: Overview
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-37059 |
Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end user’s system when interacted with. Published: June 04, 2024; 8:15:12 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-37058 |
Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.5.0 or newer, enabling a maliciously uploaded Langchain AgentExecutor model to run arbitrary code on an end user’s system when interacted with. Published: June 04, 2024; 8:15:12 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-37057 |
Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0rc0 or newer, enabling a maliciously uploaded Tensorflow model to run arbitrary code on an end user’s system when interacted with. Published: June 04, 2024; 8:15:11 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-37056 |
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user’s system when interacted with. Published: June 04, 2024; 8:15:11 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-37055 |
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.0 or newer, enabling a maliciously uploaded pmdarima model to run arbitrary code on an end user’s system when interacted with. Published: June 04, 2024; 8:15:11 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-37054 |
Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user’s system when interacted with. Published: June 04, 2024; 8:15:11 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-37053 |
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with. Published: June 04, 2024; 8:15:10 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2024-37052 |
Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user’s system when interacted with. Published: June 04, 2024; 8:15:10 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-49852 |
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Vsourz Digital Responsive Slick Slider WordPress allows Code Injection.This issue affects Responsive Slick Slider WordPress: from n/a through 1.4. Published: June 04, 2024; 8:15:10 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-49822 |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Vongries Ultimate Dashboard allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Ultimate Dashboard: from n/a through 3.7.10. Published: June 04, 2024; 8:15:09 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-49774 |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005. Published: June 04, 2024; 8:15:09 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-49748 |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPServeur, NicolasKulka, wpformation WPS Hide Login allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPS Hide Login: from n/a through 1.9.11. Published: June 04, 2024; 7:15:51 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-49741 |
Authentication Bypass by Spoofing vulnerability in wpdevart Coming soon and Maintenance mode allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coming soon and Maintenance mode: from n/a through 3.7.3. Published: June 04, 2024; 7:15:50 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-48753 |
Authentication Bypass by Spoofing vulnerability in 10up Restricted Site Access allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Restricted Site Access: from n/a through 7.4.1. Published: June 04, 2024; 7:15:50 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-48747 |
Improper Authentication vulnerability in Pluggabl LLC Booster for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booster for WooCommerce: from n/a through 7.1.2. Published: June 04, 2024; 7:15:50 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-48745 |
Improper Restriction of Excessive Authentication Attempts vulnerability in WebFactory Ltd Captcha Code allows Functionality Bypass.This issue affects Captcha Code: from n/a through 2.9. Published: June 04, 2024; 7:15:50 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-48335 |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Webcraftic Hide login page allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hide login page: from n/a through 1.1.9. Published: June 04, 2024; 7:15:49 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-48318 |
Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Contact Form Email allows Functionality Bypass.This issue affects Contact Form Email: from n/a through 1.3.41. Published: June 04, 2024; 7:15:49 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-48290 |
Improper Restriction of Excessive Authentication Attempts vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Functionality Bypass.This issue affects Form Maker by 10Web: from n/a through 1.15.20. Published: June 04, 2024; 7:15:48 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |
CVE-2023-48285 |
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Tips and Tricks HQ Stripe Payments allows Code Injection.This issue affects Stripe Payments: from n/a through 2.0.79. Published: June 04, 2024; 7:15:48 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0:(not available) |