Vulnerabilities > Zenml
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-30 | CVE-2024-5062 | Unspecified vulnerability in Zenml A reflected Cross-Site Scripting (XSS) vulnerability was identified in zenml-io/zenml version 0.57.1. | 6.1 |
2024-06-08 | CVE-2024-4680 | Unspecified vulnerability in Zenml 0.56.3 A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. | 8.8 |
2024-06-06 | CVE-2024-2032 | Race Condition vulnerability in Zenml A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. | 3.1 |
2024-06-06 | CVE-2024-2035 | Unspecified vulnerability in Zenml An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. | 6.5 |
2024-06-06 | CVE-2024-2171 | Unspecified vulnerability in Zenml A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_url' field. | 4.8 |
2024-06-06 | CVE-2024-2213 | Unspecified vulnerability in Zenml An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. | 3.3 |
2024-06-06 | CVE-2024-2383 | Unspecified vulnerability in Zenml A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. | 6.1 |