7.1

CVSS3.0

CVE-2024-4254 - Secrets Exfiltration in gradio-app/gradio

The 'deploy-website.yml' workflow in the gradio-app/gradio repository, specifically in the 'main' branch, is vulnerable to secrets exfiltration due to improper authorization. The vulnerability arises from the workflow's explicit checkout and execution of code from a fork, which is unsafe as it allo…

📅 Published: June 4, 2024, 12:01 p.m. 🔄 Last Modified: Oct. 21, 2025, 2:14 p.m.

8.8

CVSS3.1

CVE-2024-37057 -

Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0rc0 or newer, enabling a maliciously uploaded Tensorflow model to run arbitrary code on an end user's system when interacted with.

📅 Published: June 4, 2024, 12:01 p.m. 🔄 Last Modified: Feb. 3, 2025, 2:45 p.m.

8.8

CVSS3.1

CVE-2024-37056 -

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously uploaded LightGBM scikit-learn model to run arbitrary code on an end user's system when interacted with.

📅 Published: June 4, 2024, 12:01 p.m. 🔄 Last Modified: Feb. 3, 2025, 2:45 p.m.

8.8

CVSS3.1

CVE-2024-37055 -

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.0 or newer, enabling a maliciously uploaded pmdarima model to run arbitrary code on an end user's system when interacted with.

📅 Published: June 4, 2024, noon 🔄 Last Modified: Feb. 3, 2025, 2:44 p.m.

8.8

CVSS3.1

CVE-2024-37054 -

Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously uploaded PyFunc model to run arbitrary code on an end user's system when interacted with.

📅 Published: June 4, 2024, noon 🔄 Last Modified: Feb. 3, 2025, 2:40 p.m.

8.8

CVSS3.1

CVE-2024-37053 -

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user's system when interacted with.

📅 Published: June 4, 2024, noon 🔄 Last Modified: Feb. 3, 2025, 2:35 p.m.

8.8

CVSS3.1

CVE-2024-37052 -

Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously uploaded scikit-learn model to run arbitrary code on an end user's system when interacted with.

📅 Published: June 4, 2024, 11:59 a.m. 🔄 Last Modified: Feb. 3, 2025, 2:35 p.m.

6.5

CVSS3.1

CVE-2023-49852 - WordPress Responsive Slick Slider WordPress plugin <= 1.4 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Vsourz Digital Responsive Slick Slider WordPress allows Code Injection. This issue affects Responsive Slick Slider WordPress: from n/a through 1.4.

📅 Published: June 4, 2024, 11:57 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

3.7

CVSS3.1

CVE-2023-49822 - WordPress Ultimate Dashboard plugin <= 3.7.10 - Secret Login Page Location Disclosure on Multisites…

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Vongries Ultimate Dashboard allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Ultimate Dashboard: from n/a through 3.7.10.

📅 Published: June 4, 2024, 11:24 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS3.1

CVE-2023-49774 - WordPress WP Photo Album Plus plugin <= 8.5.02.005 - IP Bypass vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Photo Album Plus: from n/a through 8.5.02.005.

📅 Published: June 4, 2024, 11:23 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.