Vulnerabilidades em mindsdb
21 resultadosCVE-2025-68472HIGHMindsDB has improper sanitation of filepath that leads to information disclosure and DOSEPSS 19.2%CVE-2026-27483HIGHMindsDB has Path Traversal in /api/files Leading to Remote Code ExecutionEPSS 11.1%CVE-2024-24759CRITICALMindsDB Vulnerable to Bypass of SSRF Protection with DNS RebindingEPSS 4.9%CVE-2024-45846HIGHAn arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integrationEPSS 2.1%CVE-2023-30620HIGHArbitrary File Write when Extracting a Remotely retrieved Tarball in mindsdb/mindsdbEPSS 1.0%CVE-2023-50731CRITICALMindsDB has arbitrary file write in file.pyEPSS 1.0%CVE-2022-23522HIGHArbitrary File Write when Extracting Tarballs retrieved from a remote location using in mindsdbEPSS 0.9%CVE-2024-45850HIGHAn arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePointEPSS 0.9%CVE-2024-45851HIGHAn arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePointEPSS 0.9%CVE-2024-45849HIGHAn arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePointEPSS 0.9%CVE-2024-45847HIGHAn arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integratiEPSS 0.9%CVE-2024-45848HIGHAn arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integrationEPSS 0.8%CVE-2024-45852HIGHDeserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model toEPSS 0.7%CVE-2023-49796MEDIUMMindsDB Arbitrary File Write vulnerabilityEPSS 0.5%CVE-2024-45853HIGHDeserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhousEPSS 0.5%CVE-2024-45855HIGHDeserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhousEPSS 0.5%CVE-2024-45854HIGHDeserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhousEPSS 0.5%CVE-2024-45856CRITICALA cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whEPSS 0.5%CVE-2023-49795MEDIUMMindsDB Server-Side Request Forgery vulnerabilityEPSS 0.4%CVE-2024-3575MEDIUMCross-site Scripting (XSS) - Stored in mindsdb/mindsdbEPSS 0.4%