Mindsdb

Mindsdb

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2026-27483

Exploit
  • EPSS 0.3%
  • Veröffentlicht 24.02.2026 14:00:05
  • Zuletzt bearbeitet 26.02.2026 15:35:44

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.9.1.1, there is a path traversal vulnerability in Mindsdb's /api/files interface, which an authenticated attacker can exploit to achieve remote comma...

7.3

CVE-2026-2531

Exploit
  • EPSS 0.06%
  • Veröffentlicht 16.02.2026 02:32:10
  • Zuletzt bearbeitet 19.02.2026 19:47:37

A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clear_filename of the file mindsdb/utilities/security.py of the component File Upload. Such manipulation leads to server-side request forgery...

9.1

CVE-2025-68472

Exploit
  • EPSS 0.07%
  • Veröffentlicht 12.01.2026 16:53:47
  • Zuletzt bearbeitet 20.02.2026 17:25:50

MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into Min...

5.4

CVE-2024-45856

Exploit
  • EPSS 0.16%
  • Veröffentlicht 12.09.2024 13:15:15
  • Zuletzt bearbeitet 16.09.2024 18:04:07

A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code with...

7.5

CVE-2024-45855

Exploit
  • EPSS 0.23%
  • Veröffentlicht 12.09.2024 13:15:15
  • Zuletzt bearbeitet 16.09.2024 18:03:27

Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when using ‘finetune’ on it.

7.5

CVE-2024-45854

Exploit
  • EPSS 0.23%
  • Veröffentlicht 12.09.2024 13:15:14
  • Zuletzt bearbeitet 16.09.2024 18:02:37

Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a ‘describe’ query is run on it.

7.5

CVE-2024-45853

Exploit
  • EPSS 0.25%
  • Veröffentlicht 12.09.2024 13:15:14
  • Zuletzt bearbeitet 16.09.2024 17:59:03

Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when used for a prediction.

8.8

CVE-2024-45852

Exploit
  • EPSS 0.25%
  • Veröffentlicht 12.09.2024 13:15:14
  • Zuletzt bearbeitet 16.09.2024 17:51:04

Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with.

8.8

CVE-2024-45851

Exploit
  • EPSS 0.56%
  • Veröffentlicht 12.09.2024 13:15:14
  • Zuletzt bearbeitet 16.09.2024 17:36:19

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query c...

8.8

CVE-2024-45849

Exploit
  • EPSS 0.56%
  • Veröffentlicht 12.09.2024 13:15:13
  • Zuletzt bearbeitet 16.09.2024 17:34:00

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query c...