Lucene search
+L

115 matches found

cvelist
cvelist
added 2025/02/06 4:47 p.m.13 views

CVE-2024-39272

A cross-site scripting xss vulnerability exists in the dataset upload functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to an arbitrary html code. An attacker can send a series of HTTP requests to trigger this vulnerability...

9CVSS0.00548EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/02/06 4:47 p.m.4 views

CVE-2024-43779

An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to reading vaults that have been previously disabled, possibly leaking sensitive credentials. An attacker can send a series of HTTP...

7.7CVSS7.4AI score0.00787EPSS
Exploits1References1
cve
cve
added 2025/02/06 4:47 p.m.90 views

CVE-2024-43779

CVE-2024-43779 is a information-disclosure vulnerability in ClearML Enterprise Server 3.22.5-1533. The root cause is that the Vault API can expose disabled vault items, allowing an authenticated user to retrieve vault contents via API requests (notably GET /api/v2.30/users.get_vaults). Cisco Talo...

7.7CVSS6.8AI score0.00787EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2025/02/06 4:47 p.m.23 views

CVE-2024-43779

An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to reading vaults that have been previously disabled, possibly leaking sensitive credentials. An attacker can send a series of HTTP...

7.7CVSS0.00787EPSS
Exploits1References1
cnnvd
cnnvd
added 2025/02/06 12:0 a.m.5 views

ClearML Server 安全漏洞

ClearML Server is an open source suite of tools from ClearML that simplifies machine learning workflows. A security vulnerability exists in ClearML Server version 3.22.5-1533. An attacker exploiting this vulnerability could gain access to sensitive information...

7.7CVSS8.8AI score0.00787EPSS
Exploits1References1
cnnvd
cnnvd
added 2025/02/06 12:0 a.m.4 views

ClearML Server 安全漏洞

ClearML Server is an open source suite of tools from ClearML that simplifies machine learning workflows. A security vulnerability exists in ClearML Server version 3.22.5-1533. An attacker can exploit the vulnerability to execute arbitrary html code via a specially crafted HTTP request...

9CVSS8.9AI score0.00548EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/02/06 12:0 a.m.4 views

PT-2025-5836 · Unknown · Clearml Enterprise Server

Name of the Vulnerable Software and Affected Versions: ClearML Enterprise Server version 3.22.5-1533 Description: A cross-site scripting XSS issue exists in the dataset upload functionality. A specially crafted HTTP request can lead to arbitrary HTML code execution. An attacker can send a series ...

9CVSS6AI score0.00548EPSS
Exploits0References5
talos
talos
added 2025/02/06 12:0 a.m.8 views

ClearML Vault API disabled vaults retrieval vulnerability

Talos Vulnerability Report TALOS-2024-2112 ClearML Vault API disabled vaults retrieval vulnerability February 6, 2025 CVE Number CVE-2024-43779 SUMMARY An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP...

7.7CVSS7.6AI score0.00787EPSS
Exploits1
talos
talos
added 2025/02/06 12:0 a.m.6 views

ClearML dataset upload XSS vulnerability

Talos Vulnerability Report TALOS-2024-2110 ClearML dataset upload XSS vulnerability February 6, 2025 CVE Number CVE-2024-39272 SUMMARY A cross-site scripting xss vulnerability exists in the dataset upload functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can...

9CVSS5.5AI score0.00548EPSS
Exploits0
redhatcve
redhatcve
added 2025/02/05 2:15 a.m.12 views

CVE-2024-24594

A cross-site scripting XSS vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI...

9.9CVSS5.9AI score0.00594EPSS
Exploits1References1
githubexploit
githubexploit
added 2024/10/07 5:7 p.m.379 views

Exploit for Deserialization of Untrusted Data in Clear Clearml

ClearML Exploit This repository contains a proof-of-concept e...

8.8CVSS9AI score0.02452EPSS
Exploits9
githubexploit
githubexploit
added 2024/07/21 4:16 a.m.89 views

Exploit for Deserialization of Untrusted Data in Clear Clearml

Clearml-CVE-2024-24590 CVE-2024-24590 is a vulnerability that...

8.8CVSS8.2AI score0.02452EPSS
Exploits9
githubexploit
githubexploit
added 2024/07/21 4:16 a.m.138 views

Exploit for Deserialization of Untrusted Data in Clear Clearml

Clearml-CVE-2024-24590 CVE-2024-24590 is a vulnerability that...

8.8CVSS8.2AI score0.02452EPSS
Exploits9
githubexploit
githubexploit
added 2024/06/20 11:23 a.m.573 views

Exploit for Deserialization of Untrusted Data in Clear Clearml

CVE-2024-24590 Deserialization of untrusted data can occur in...

8.8CVSS7.2AI score0.02452EPSS
Exploits9
githubexploit
githubexploit
added 2024/06/15 10:9 a.m.548 views

Exploit for Deserialization of Untrusted Data in Clear Clearml

ClearML Exploit Script This repository contains a Python expl...

8.8CVSS8.9AI score0.02452EPSS
Exploits9
githubexploit
githubexploit
added 2024/06/13 10:17 p.m.701 views

Exploit for Deserialization of Untrusted Data in Clear Clearml

CVE-2024-24590-ClearML-RCE-Exploit Python script that exploit...

8.8CVSS9.1AI score0.02452EPSS
Exploits9
githubexploit
githubexploit
added 2024/06/11 10:30 p.m.442 views

Exploit for Deserialization of Untrusted Data in Clear Clearml

...

8.8CVSS8.9AI score0.02452EPSS
Exploits9
githubexploit
githubexploit
added 2024/06/11 10:30 p.m.488 views

Exploit for Deserialization of Untrusted Data in Clear Clearml

...

8.8CVSS8.9AI score0.02452EPSS
Exploits9
veracode
veracode
added 2024/02/07 7:34 a.m.35 views

Insecure Deserialisation

clearml is vulnerable to Insecure Deserialisation. The vulnerability is due to Deserialisation of untrusted data. An attacker can upload a malicious pickle file via the project API to run arbitrary code on an end user's system...

8.8CVSS7.2AI score0.02452EPSS
Exploits9References2Affected Software1
veracode
veracode
added 2024/02/07 5:52 a.m.23 views

Path Traversal

clearml is vulnerable to Path Traversal. The vulnerability is due to a lack of file path validation, which allows an attacker to craft a malicious dataset which writes files to arbitrary locations on the system...

8.8CVSS6.8AI score0.00798EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder