The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade backpropagate to version 1.2.0 or higher.
backpropagate is a Production-ready headless LLM fine-tuning with smart defaults, Windows support, and modular architecture
Affected versions of this package are vulnerable to Debug Messages Revealing Unnecessary Information in the authentication process. An attacker can gain unauthorized access to sensitive operations and data by connecting to the exposed UI endpoint without authentication. This allows reading uploaded datasets, triggering arbitrary training runs, pushing models to external repositories, causing disk exhaustion, and accessing user-supplied file paths, potentially leading to data exfiltration and supply-chain compromise.
This vulnerability can be mitigated by not using the --auth or --share flags when launching the UI, restricting access to localhost, using SSH port-forwarding for remote access, and auditing deployments for potential exposure.