Lucene search
K

10 matches found

NVD
NVD
added 2024/02/06 3:15 p.m.31 views

CVE-2024-24591

A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user’s system when interacted with...

8.8CVSS8AI score0.00798EPSS
Exploits1References1
OSV
OSV
added 2024/02/06 3:15 p.m.4 views

CVE-2024-24593

A cross-site request forgery CSRF vulnerability in all versions up to 1.14.1 of the api server component of Allegro AI’s ClearML platform allows a remote attacker to impersonate a user by sending API requests via maliciously crafted html. Exploitation of the vulnerability allows an attacker to...

8.8CVSS5.7AI score
Exploits0References1
Prion
Prion
added 2024/02/06 3:15 p.m.19 views

Path traversal

A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user’s system when interacted with...

6.8CVSS7.7AI score0.00798EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/06 2:42 p.m.15 views

CVE-2024-24594

A cross-site scripting XSS vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI...

9.9CVSS5.9AI score0.00594EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/02/06 2:41 p.m.29 views

CVE-2024-24593

A cross-site request forgery CSRF vulnerability in all versions up to 1.14.1 of the api server component of Allegro AI’s ClearML platform allows a remote attacker to impersonate a user by sending API requests via maliciously crafted html. Exploitation of the vulnerability allows an attacker to...

9.6CVSS9.3AI score0.0038EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/02/06 2:41 p.m.4 views

CVE-2024-24593

A cross-site request forgery CSRF vulnerability in all versions up to 1.14.1 of the api server component of Allegro AI’s ClearML platform allows a remote attacker to impersonate a user by sending API requests via maliciously crafted html. Exploitation of the vulnerability allows an attacker to...

9.6CVSS9AI score0.0038EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/02/06 2:40 p.m.19 views

CVE-2024-24590

Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with...

8CVSS9AI score0.02452EPSS
Exploits9References1
CNNVD
CNNVD
added 2024/02/06 12:0 a.m.8 views

Allegro Cross-Site Scripting Vulnerability

Allegro is a cross-platform library open-sourced by Allegro primarily for video game and multimedia programming. A security vulnerability exists in Allegro AI ClearML. An attacker can exploit this vulnerability to execute a JavaScript payload when a user views the "Debug Samples" tab in the Web U...

9.9CVSS7AI score0.00594EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/02/06 12:0 a.m.6 views

Allegro Cross-Site Request Forgery Vulnerability

Allegro is a cross-platform library open-sourced by Allegro primarily for video game and multimedia programming. A cross-site request forgery vulnerability exists in Allegro AI ClearML. A remote attacker can use this vulnerability to impersonate a user by sending API requests via maliciously...

9.6CVSS6.9AI score0.0038EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/02/05 12:0 a.m.8 views

Allegro AI ClearML Security Vulnerability

Allegro is a cross-platform library open-sourced by Allegro primarily for video game and multimedia programming. A security vulnerability exists in Allegro AI ClearML that stems from storing passwords in plaintext in a MongoDB instance, causing an infected server to disclose all user emails and...

7.1CVSS6.7AI score0.00255EPSS
Exploits0References2
Rows per page
Query Builder