Aimhubio Aim Server 3.19.3 - Arbitrary File Overwrite

A vulnerability in the backuprun function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the runhash and repo.path parameters, which can be manipulated to create an...

@jason_mao/mao-ui (=0.0.1), aim-testing (>=0.0.5 <=0.0.8) potentially affected by unknown CVE via jest-less-loader (=0.2.0)

jest-less-loader NPM version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on jest-less-loader and may be impacted: - @jasonmao/mao-ui =0.0.1 - aim-testing =0.0.5, =0.0.8 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4140...

AMD AIM-T Manageability Service 代码问题漏洞

AMD AIM-T Manageability Service is an industrial-grade remote device management service provided by American semiconductor company AMD. It supports operations and maintenance of edge computing nodes. There are code vulnerabilities in AMD AIM-T Manageability Service. These vulnerabilities stem fro...

CVE-2024-2363

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in AOL AIM Triton 1.0.4. It has been declared as problematic. This vulnerability affects unknown code of the component Invite Handler. The manipulation of the argument CSeq leads to denial of service. The attack can be initiated remotely. The...

CVE-2024-2195

A critical Remote Code Execution RCE vulnerability was identified in the aimhubio/aim project, specifically within the /api/runs/search/run/ endpoint, affecting versions = 3.0.0. The vulnerability resides in the runsearchapi function of the aim/web/api/runs/views.py file, where improper restricti...

CVE-2024-2196

aimhubio/aim is vulnerable to Cross-Site Request Forgery CSRF, allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the user's consent. The vulnerability stems from the lack of CSRF and CORS protection in the aim dashboar...

CVE-2025-15236

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability...

CVE-2025-15240

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVE-2025-15239

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...

CVE-2025-15238

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...

CVE-2025-15237

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability...

CVE-2025-15237 Quanta Computer｜QOCA aim AI Medical Cloud Platform - Path Traversal

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability...

CVE-2025-15237 Quanta Computer｜QOCA aim AI Medical Cloud Platform - Path Traversal

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Path Traversal vulnerability, allowing authenticated remote attackers to read folder names under the specified path by exploiting an Absolute Path Traversal vulnerability...

CVE-2025-15236

QOCA aim AI Medical Cloud Platform (Quanta Computer) is affected by an Absolute Path Traversal vulnerability that allows authenticated remote attackers to read folder names under a specified path. Public sources across multiple feeds (NVD, Red Hat, CVE listing, CNNVD, CIRCL, EUVD, PT Security) de...

PT-2026-1221

Name of the Vulnerable Software and Affected Versions QOCA aim AI Medical Cloud Platform affected versions not specified Description A Missing Authorization issue exists in QOCA aim AI Medical Cloud Platform. Authenticated remote attackers can modify network packet parameters, potentially allowin...

CVE-2018-25135

Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing...

CVE-2018-25135

CVE-2018-25135 affects Anviz AIM CrossChex Standard 4.3.6.0. The CSV injection vulnerability arises from user import fields (e.g., Name, Gender, Position) that can contain malicious formulas, triggering Excel macro execution when importing user data. Reported impact includes command execution in ...

Malicious code in saku-aim-upuasoanmio (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cddf020e13cd5d173a1086c6d76cc269e01e0012b14c62daa1d28ebc9c62e005 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2005-1460

Malware in sbrugna...

EUVD-2004-0279

Malware in sbrugna...