arif-s3d0

3 exploits Active since Jun 2023
CVE-2026-2635 GITHUB HIGH python WORKING POC
MLflow - Unauthenticated Authentication Bypass via Default Credentials in basic_auth.ini
MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the basic_auth.ini file. The file contains hard-coded default credentials. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of the administrator. Was ZDI-CAN-28256.
1 stars
CVSS 7.3
CVE-2023-34468 GITHUB HIGH python WORKING POC
Apache NiFi 0.0.2-1.21.0 - Authenticated Remote Code Execution via H2 JDBC Database URL
The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC locations. You are recommended to upgrade to version 1.22.0 or later which fixes this issue.
1 stars
CVSS 8.8
CVE-2025-8110 GITHUB HIGH python WORKING POC
Gogs < 0.13.3 - Local Code Execution via PutContents API Symbolic Link Handling
Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.
1 stars
CVSS 8.8