Mindsdb

24 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.

Exploit
  • EPSS 0.3%
  • Published 03.05.2026 23:45:16
  • Last modified 05.05.2026 19:13:44

A security vulnerability has been detected in MindsDB up to 26.01. Affected is the function pickle.loads of the component Pickle Handler. The manipulation leads to deserialization. The attack can be carried out remotely. The exploit has be...

Exploit
  • EPSS 0.28%
  • Published 03.05.2026 23:30:25
  • Last modified 05.05.2026 19:13:44

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byom_handler/proc_wrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. Th...

Exploit
  • EPSS 11.11%
  • Published 24.02.2026 14:00:05
  • Last modified 26.02.2026 15:35:44

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.9.1.1, there is a path traversal vulnerability in MindsDB's /api/files interface, which an authenticated attacker can exploit to achieve remote comma...

Exploit
  • EPSS 0.23%
  • Published 16.02.2026 02:32:10
  • Last modified 29.04.2026 01:00:01

A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clear_filename of the file mindsdb/utilities/security.py of the component File Upload. Such manipulation leads to server-side request forgery...

Exploit
  • EPSS 19.21%
  • Published 12.01.2026 16:53:47
  • Last modified 20.02.2026 17:25:50

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into Min...

Exploit
  • EPSS 0.47%
  • Published 12.09.2024 13:15:15
  • Last modified 16.09.2024 18:04:07

A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code with...

Exploit
  • EPSS 0.48%
  • Published 12.09.2024 13:15:15
  • Last modified 16.09.2024 18:03:27

Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when using ‘finetune’ on it.

Exploit
  • EPSS 0.48%
  • Published 12.09.2024 13:15:14
  • Last modified 16.09.2024 18:02:37

Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a ‘describe’ query is run on it.

Exploit
  • EPSS 0.48%
  • Published 12.09.2024 13:15:14
  • Last modified 16.09.2024 17:59:03

Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when used for a prediction.

Exploit
  • EPSS 0.68%
  • Published 12.09.2024 13:15:14
  • Last modified 16.09.2024 17:51:04

Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with.