aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

3305 items

CVE-2025-1474: In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerabil

medium vulnerability
security
Mar 20, 2025
CVE-2025-1474

In MLflow (a machine learning workflow tool) version 2.18, administrators can create user accounts without requiring passwords, which violates security best practices and could allow unauthorized access to accounts. This vulnerability is classified under weak password requirements, meaning the system doesn't enforce strong authentication measures.

Fix: The issue is fixed in version 2.19.0. Users should upgrade MLflow from version 2.18 to version 2.19.0 or later.

NVD/CVE Database

CVE-2025-1473: A Cross-Site Request Forgery (CSRF) vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.

high vulnerability
security
Mar 20, 2025
CVE-2025-1473

A CSRF vulnerability (cross-site request forgery, where an attacker tricks a user into performing unwanted actions on a website) exists in the Signup feature of MLflow versions 2.17.0 to 2.20.1, allowing attackers to create unauthorized accounts. This could enable an attacker to perform malicious actions while appearing to be a legitimate user.

CVE-2025-0453: In mlflow/mlflow version 2.17.2, the `/graphql` endpoint is vulnerable to a denial of service attack. An attacker can cr

high vulnerability
security
Mar 20, 2025
CVE-2025-0453

MLflow version 2.17.2 has a vulnerability in its `/graphql` endpoint (a web interface for querying data) that allows attackers to perform a denial of service attack (making a service unavailable) by sending large batches of repeated queries. This exhausts all the workers (processes handling requests) that MLflow has available, preventing the application from responding to legitimate requests.

CVE-2025-0317: A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to upload and create a customized GGUF model

high vulnerability
security
Mar 20, 2025
CVE-2025-0317

Ollama (an AI model framework) versions 0.3.14 and earlier have a vulnerability where a malicious user can upload a specially crafted GGUF model file (a format for storing AI models) that causes a division by zero error (when code tries to divide a number by zero, crashing the program) in the ggufPadding function, crashing the server and making it unavailable (a Denial of Service attack).

CVE-2025-0315: A vulnerability in ollama/ollama <=0.3.14 allows a malicious user to create a customized GGUF model file, upload it to t

high vulnerability
security
Mar 20, 2025
CVE-2025-0315

A vulnerability in Ollama (an AI model software) version 0.3.14 and earlier allows an attacker to upload a specially crafted GGUF model file (a format for storing AI models) that tricks the server into using unlimited memory, causing a denial of service (DoS, a situation where a system becomes unavailable to users). The vulnerability stems from the server not properly limiting how much memory it allocates when processing model files.

CVE-2025-0312: A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to create a customized GGUF model file that,

high vulnerability
security
Mar 20, 2025
CVE-2025-0312

CVE-2025-0312 is a vulnerability in Ollama (a tool for running AI models locally) versions 0.3.14 and earlier that allows an attacker to upload a malicious GGUF model file (a specific format for storing AI model weights). When the server processes this file, it crashes due to a null pointer dereference (following a pointer that refers to no valid object in memory), which can be triggered remotely to cause a denial of service (making the service unavailable to legitimate users).

CVE-2025-0187: A Denial of Service (DoS) vulnerability was discovered in the file upload feature of gradio-app/gradio version 0.39.1. T

medium vulnerability
security
Mar 20, 2025
CVE-2025-0187

CVE-2025-0187 is a denial of service (DoS, an attack that makes a service unavailable) vulnerability in Gradio version 0.39.1's file upload feature. An attacker can send a request with an extremely large filename, which the server doesn't handle properly, causing it to become overwhelmed and stop responding to legitimate users.

CVE-2024-9070: A deserialization vulnerability exists in BentoML's runner server in bentoml/bentoml versions <=1.3.4.post1. By setting

high vulnerability
security
Mar 20, 2025
CVE-2024-9070

CVE-2024-9070 is a deserialization vulnerability (a flaw where untrusted serialized data is reconstructed into program objects, which can be abused to run attacker-chosen code) in BentoML versions 1.3.4.post1 and earlier that affects the runner server component. An attacker can exploit this by setting specific parameters to execute arbitrary code (any commands they choose) on the affected server, with severe impact.

CVE-2024-9056: BentoML version v1.3.4post1 is vulnerable to a Denial of Service (DoS) attack. The vulnerability can be exploited by app

medium vulnerability
security
Mar 20, 2025
CVE-2024-9056

BentoML version v1.3.4post1 has a vulnerability that allows attackers to cause a denial of service (DoS, making a service unavailable by overwhelming it with requests) by adding extra characters like dashes to the end of a multipart boundary (the delimiter that separates different parts of an HTTP request). This causes the server to waste resources processing these characters repeatedly, and since it requires no authentication or user interaction, it affects all users of the service.

CVE-2024-9053: vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer() RPC server entrypoints. The core

critical vulnerability
security
Mar 20, 2025
CVE-2024-9053

vllm version 0.6.0 has a vulnerability in its RPC server (a system that allows remote programs to request operations) where the _make_handler_coro() function uses cloudpickle.loads() to process incoming messages without checking if they're safe first. An attacker can send malicious serialized data (pickle is a format for converting Python objects into bytes) to execute arbitrary code on the affected system.

CVE-2024-8966: A vulnerability in the file upload process of gradio-app/gradio version @gradio/video@0.10.2 allows for a Denial of Serv

high vulnerability
security
Mar 20, 2025
CVE-2024-8966

CVE-2024-8966 is a vulnerability in Gradio version @gradio/video@0.10.2 that allows attackers to cause a Denial of Service (DoS, when a system becomes unavailable to users) by uploading files with extremely long multipart boundaries (the separators in file upload data). The attack forces the system to continuously process characters and issue warnings, making Gradio inaccessible for extended periods.

CVE-2024-8859: A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, co

medium vulnerability
security
Mar 20, 2025
CVE-2024-8859 (EPSS: 26.9%)

CVE-2024-8063: A divide by zero vulnerability exists in ollama/ollama version v0.3.3. The vulnerability occurs when importing GGUF mode

high vulnerability
security
Mar 20, 2025
CVE-2024-8063

A divide by zero vulnerability (a math error where code tries to divide a number by zero, crashing the program) exists in ollama version v0.3.3 that triggers when importing GGUF models (a machine learning model format) with a specially crafted `block_count` value in the Modelfile. This vulnerability can cause a denial of service (DoS, making the server unavailable) by crashing the ollama server when it processes the malicious model.

CVE-2024-8021: An open redirect vulnerability exists in the latest version of gradio-app/gradio. The vulnerability allows an attacker t

medium vulnerability
security
Mar 20, 2025
CVE-2024-8021

CVE-2024-8021 is an open redirect vulnerability (a flaw that tricks users into visiting attacker-controlled websites by misusing URL encoding) in the latest version of Gradio, an open-source AI framework. An attacker can exploit this by sending a specially crafted request that causes the application to automatically redirect users (HTTP 302 response) to a malicious site.

CVE-2024-7959: The `/openai/models` endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF)

high vulnerability
security
Mar 20, 2025
CVE-2024-7959

The `/openai/models` endpoint in open-webui version 0.3.8 has a Server-Side Request Forgery vulnerability (SSRF, a flaw where an attacker tricks a server into making requests to unintended locations). An attacker can change the OpenAI URL to any address without validation, allowing the endpoint to send requests to that URL and return the response, potentially exposing internal services and secrets.

CVE-2024-7776: A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows

critical vulnerability
security
Mar 20, 2025
CVE-2024-7776

CVE-2024-7776 is a vulnerability in the ONNX framework (a tool for machine learning models) version 1.16.1 and earlier, where the `download_model` function fails to properly block path traversal attacks (a technique where attackers use special file path sequences to access files outside the intended directory). An attacker could exploit this to overwrite files on a user's system, potentially leading to remote code execution (running malicious commands on the victim's computer).

CVE-2024-6838: In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a la

medium vulnerability
security
Mar 20, 2025
CVE-2024-6838

MLflow version v2.13.2 has a vulnerability that allows someone to create or rename an experiment with an extremely long name containing many numbers, which causes the MLflow UI (user interface panel) to stop responding, creating a denial of service (when a system becomes unusable). The problem exists because there are no limits on how long experiment names or the artifact_location parameter can be.

CVE-2024-6577: In the latest version of pytorch/serve, the script 'upload_results_to_s3.sh' references the S3 bucket 'benchmarkai-metri

medium vulnerability
security
Mar 20, 2025
CVE-2024-6577

CVE-2024-6577 is a vulnerability in PyTorch Serve where a script called 'upload_results_to_s3.sh' references an Amazon S3 bucket (a cloud storage service) without verifying that the script's creators actually own or control it, potentially allowing unauthorized access to sensitive data stored in that bucket.

CVE-2024-12775: langgenius/dify version 0.10.1 contains a Server-Side Request Forgery (SSRF) vulnerability in the test functionality for

high vulnerability
security
Mar 20, 2025
CVE-2024-12775

Dify version 0.10.1 contains a Server-Side Request Forgery (SSRF) vulnerability, which is a weakness where an attacker tricks a server into making requests to unintended targets. Through the 'Create Custom Tool' REST API endpoint, attackers can manipulate the URL parameter to make the victim's server access unauthorized web resources using the server's own credentials.

CVE-2024-12720: A Regular Expression Denial of Service (ReDoS) vulnerability was identified in the huggingface/transformers library, spe

high vulnerability
security
Mar 20, 2025
CVE-2024-12720

A ReDoS (regular expression denial of service, where a poorly designed search pattern can be exploited to consume excessive processing power) vulnerability was found in the huggingface/transformers library version 4.46.3, specifically in code that processes text tokens. An attacker could send specially crafted input that makes the regex evaluation extremely slow, using up all available CPU and crashing the application.

Fix: A patch is available at https://github.com/mlflow/mlflow/commit/ecfa61cb43d3303589f3b5834fd95991c9706628.

CVE-2024-8859 (description): MLflow version 2.15.1 has a path traversal vulnerability (a security flaw where attackers can access files outside intended directories) in its dbfs service that allows arbitrary file reading. The vulnerability exists because the service validates only the path portion of URLs while ignoring query parameters and other URL components, which attackers can exploit if the dbfs service is configured and mounted to a local directory.

Fix: A patch is available at https://github.com/mlflow/mlflow/commit/7791b8cdd595f21b5f179c7b17e4b5eb5cbbe654.