Product: zenml
14 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.

CVE-2025-8406
Affected versions: >= 0.83.1 and < 0.84.2
ZenML version 0.83.1 is affected by a path traversal vulnerability in the `PathMaterializer` class. The `load` function uses `is_p
CVSS: 7.8 (HIGH)

CVE-2024-9340
Affected versions: < 0.68.0
A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthenticated attackers to cause excessive resou
CVSS: 7.5 (HIGH)

CVE-2024-4311
Affected versions: all versions
zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rate-limiting in the password change functio
CVSS: 5.4 (MEDIUM)

CVE-2024-5062
Affected versions: < 0.58.0
A reflected Cross-Site Scripting (XSS) vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due
CVSS: 6.1 (MEDIUM)

CVE-2024-4680
Affected versions: all versions
A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insuffici
CVSS: 8.8 (HIGH)

CVE-2024-2383
Affected versions: < 0.56.3
A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set
CVSS: 6.1 (MEDIUM)

CVE-2024-2213
Affected versions: < 0.56.3
An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authentication mechanisms, an attac
CVSS: 3.3 (LOW)

CVE-2024-2171
Affected versions: < 0.56.2
A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_u
CVSS: 4.8 (MEDIUM)

CVE-2024-2035
Affected versions: < 0.56.2
An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id
CVSS: 6.5 (MEDIUM)

CVE-2024-2032
Affected versions: < 0.55.5
A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of mult
CVSS: 3.1 (LOW)

CVE-2024-2260
Affected versions: < 0.56.2
A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not i
CVSS: 4.2 (MEDIUM)

CVE-2024-2083
Affected versions: < 0.55.5
A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attac
CVSS: 9.9 (CRITICAL)

CVE-2024-28424
Affected versions: all versions
zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpickle_
CVSS: 8.8 (HIGH)

CVE-2024-25723
Affected versions: < 0.42.2
ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1
CVSS: 8.8 (HIGH)

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin