An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.
Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.