📦 Zenml

A directory traversal vulnerability in the zenml-io/zenml repository allows attackers to read arbitrary files on the server by manipulating the 'logs' URI path in API requests. This affects all deploy...

ZenML version 0.83.1 contains a path traversal vulnerability in the PathMaterializer class that allows attackers to write arbitrary files during data.tar.gz extraction. This occurs because the is_path...

This CVE describes a Denial of Service vulnerability in zenml-io/zenml version 0.66.0 where unauthenticated attackers can send specially crafted multipart requests with malformed boundaries to cause i...

This vulnerability in ZenML Server allows remote attackers to escalate privileges by activating user accounts with only a valid username and new password via the /api/v1/users/{user_name_or_id}/activa...

This CVE-2024-2035 vulnerability allows any authenticated user in the ZenML platform to modify other users' information, including deactivating their accounts by setting the active status to false. Th...