Poster - CVE CyberSecurity Database News (Page 498)

Nov 25, 2024 API Exploit Apache

CVE-2024-27134 - Exploiting Excessive Directory Permissions in MLflow for Local Privilege Escalation with spark_udf

CVE-2024-27134 is a recently disclosed vulnerability found in MLflow, a popular open-source machine learning platform. The core of this issue revolves around excessive directory permissions

Nov 25, 2024 RCE Exploit

CVE-2024-11664 - Critical Path Traversal Vulnerability in eNMS (<=4.2) — How Attackers Can Exploit TGZ File Handling

On March 2024, a critical vulnerability known as CVE-2024-11664 was disclosed, affecting the eNMS (Enterprise Network Management System) application up to version 4.2. This

Nov 25, 2024 API

CVE-2024-6538 - OpenShift Console SSRF Vulnerability – Exploiting the /api/dev-console/proxy/internet Endpoint

In June 2024, a critical security flaw was found in Red Hat OpenShift’s web console. Identified as CVE-2024-6538, this vulnerability exposes cloud environments to

Nov 24, 2024

CVE-2024-53899 - How a Simple Quoting Mistake in Virtualenv Led to Command Injection

If you’re a Python developer, you probably use virtualenv for managing your project environments. But did you know that before version 20.26.6,

Nov 24, 2024 Exploit PHP

CVE-2024-11233 - Dangerous Buffer Overread in PHP’s quoted-printable Filter—How it Works, Why it Matters, and How to Stay Safe

If you run any code on PHP 8.1, 8.2, or early 8.3 versions, you should know about CVE-2024-11233—a subtle, yet extremely