Vulnerabilities > Zenml

DATE CVE VULNERABILITY TITLE RISK
2024-06-30 CVE-2024-5062 Unspecified vulnerability in Zenml
A reflected Cross-Site Scripting (XSS) vulnerability was identified in zenml-io/zenml version 0.57.1.
network
low complexity
zenml
6.1
2024-06-08 CVE-2024-4680 Unspecified vulnerability in Zenml 0.56.3
A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration.
network
low complexity
zenml
8.8
2024-06-06 CVE-2024-2032 Race Condition vulnerability in Zenml
A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel.
network
high complexity
zenml CWE-362
3.1
2024-06-06 CVE-2024-2035 Unspecified vulnerability in Zenml
An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint.
network
low complexity
zenml
6.5
2024-06-06 CVE-2024-2171 Unspecified vulnerability in Zenml
A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_url' field.
network
low complexity
zenml
4.8
2024-06-06 CVE-2024-2213 Unspecified vulnerability in Zenml
An issue was discovered in zenml-io/zenml versions up to and including 0.55.4.
local
low complexity
zenml
3.3
2024-06-06 CVE-2024-2383 Unspecified vulnerability in Zenml
A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers.
network
low complexity
zenml
6.1