8.8

CVSS3.1

CVE-2024-37060 -

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously crafted Recipe to execute arbitrary code on an end userโ€™s system when run.

๐Ÿ“… Published: June 4, 2024, 12:02 p.m. ๐Ÿ”„ Last Modified: Feb. 3, 2025, 2:46 p.m.

8.8

CVSS3.1

CVE-2024-37059 -

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously uploaded PyTorch model to run arbitrary code on an end userโ€™s system when interacted with.

๐Ÿ“… Published: June 4, 2024, 12:01 p.m. ๐Ÿ”„ Last Modified: Feb. 3, 2025, 2:46 p.m.

8.8

CVSS3.1

CVE-2024-37058 -

Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.5.0 or newer, enabling a maliciously uploaded Langchain AgentExecutor model to run arbitrary code on an end userโ€™s system when interacted with.

๐Ÿ“… Published: June 4, 2024, 12:01 p.m. ๐Ÿ”„ Last Modified: Feb. 3, 2025, 2:46 p.m.

7.1

CVSS3.0

CVE-2024-4254 - Secrets Exfiltration in gradio-app/gradio

The 'deploy-website.yml' workflow in the gradio-app/gradio repository, specifically in the 'main' branch, is vulnerable to secrets exfiltration due to improper authorization. The vulnerability arises from the workflow's explicit checkout and execution of code from a fork, which is unsafe as it alloโ€ฆ

๐Ÿ“… Published: June 4, 2024, 12:01 p.m. ๐Ÿ”„ Last Modified: Oct. 21, 2025, 2:14 p.m.

8.8

CVSS3.1

CVE-2024-37057 -

Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0rc0 or newer, enabling a maliciously uploaded Tensorflow model to run arbitrary code on an end userโ€™s system when interacted with.

๐Ÿ“… Published: June 4, 2024, 12:01 p.m. ๐Ÿ”„ Last Modified: Feb. 3, 2025, 2:45 p.m.

8.8

CVSS3.1

CVE-2024-37056 -

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end userโ€™s system when interacted with.

๐Ÿ“… Published: June 4, 2024, 12:01 p.m. ๐Ÿ”„ Last Modified: Feb. 3, 2025, 2:45 p.m.

8.8

CVSS3.1

CVE-2024-37055 -

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.0 or newer, enabling a maliciously uploaded pmdarima model to run arbitrary code on an end userโ€™s system when interacted with.

๐Ÿ“… Published: June 4, 2024, noon ๐Ÿ”„ Last Modified: Feb. 3, 2025, 2:44 p.m.

8.8

CVSS3.1

CVE-2024-37054 -

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end userโ€™s system when interacted with.

๐Ÿ“… Published: June 4, 2024, noon ๐Ÿ”„ Last Modified: Feb. 3, 2025, 2:40 p.m.

8.8

CVSS3.1

CVE-2024-37053 -

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end userโ€™s system when interacted with.

๐Ÿ“… Published: June 4, 2024, noon ๐Ÿ”„ Last Modified: Feb. 3, 2025, 2:35 p.m.

8.8

CVSS3.1

CVE-2024-37052 -

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end userโ€™s system when interacted with.

๐Ÿ“… Published: June 4, 2024, 11:59 a.m. ๐Ÿ”„ Last Modified: Feb. 3, 2025, 2:35 p.m.
Total resulsts: 347725
Page 9443 of 34,773
ยซ previous page ยป next page
Filters