Lucene search
K

545 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-6926

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00446EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-41597

Malicious code in bioql PyPI...

8.7CVSS6.6AI score0.00391EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-1169

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.00531EPSS
Exploits1References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/05 5:10 p.m.5 views

Malicious code in @zalastax/nolb-aim (npm)

The package @zalastax/nolb-aim was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/09/05 5:10 p.m.1 views

MAL-2025-43111 Malicious code in @zalastax/nolb-aim (npm)

The package @zalastax/nolb-aim was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.4 views

MAL-2025-9740 Malicious code in @zalastax/nolb-_aim (npm)

The package @zalastax/nolb-aim was found to contain malicious code...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/07/24 12:23 a.m.10 views

CVE-2025-51463

Path Traversal in restorerunbackup in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's filesystem via a crafted backup tar file submitted to the runinstruction API, which is extracted without path validation during restoration...

7CVSS6.7AI score0.00458EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2025/07/22 6:30 p.m.4 views

dsipts (>=1.1.5 <=1.1.39), kedro-aim (>=0.1.1 <=0.1.3) +7 more potentially affected by CVE-2025-51464 via aim (>=3.17.4 <=3.29.1)

aim PYPI version =3.17.4, =1.1.5, =0.1.1, =0.0.1, =0.0.1, =0.0.20, =0.1.0, =0.5.6 Source cves: CVE-2025-51464 Source advisory: OSV:GHSA-GMVV-RJ92-9W35...

8.8CVSS5.4AI score0.006EPSS
Exploits1
OSV
OSV
added 2025/07/22 6:30 p.m.4 views

GHSA-GMVV-RJ92-9W35 Aim vulnerable to Cross-site Scripting

Cross-site Scripting XSS in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims browsers via malicious Python code submitted to the /api/reports endpoint, which is interpreted and executed by Pyodide when the report is viewed. No sanitisation or sandbox...

5.3CVSS6.4AI score0.006EPSS
Exploits1References4
NVD
NVD
added 2025/07/22 6:15 p.m.33 views

CVE-2025-51464

Cross-site Scripting XSS in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims browsers via malicious Python code submitted to the /api/reports endpoint, which is interpreted and executed by Pyodide when the report is viewed. No sanitisation or sandbox...

8.8CVSS0.006EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2025/07/22 5:43 p.m.5 views

ado-sfttrainer (>=1.0.1 <=1.8.0), aim-mlflow (>=0.1.0 <=0.2.1) +27 more potentially affected by CVE-2025-51464 via aim (>=3.17.4 <=4.0.3)

aim PYPI version =3.17.4, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =4.46.1, =0.0.1, =0.0.3, =0.0.1, =1.1.5, =0.1.1, =0.22.0, =0.0.1, =0.0.1, =2.0.1, =2.0.7 and more Source cves: CVE-2025-51464 Source advisory: SNYK:PYTHON-AIM-10878170...

8.8CVSS5.4AI score0.006EPSS
Exploits1
Snyk
Snyk
added 2025/07/22 5:43 p.m.1 views

Cross-site Scripting (XSS)

Overview aim is a super-easy way to record, search and compare AI experiments. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the /api/reports endpoint, which processes user-submitted Python code that is interpreted and executed by the function pyodide.code.runjs...

8.8CVSS5.3AI score0.006EPSS
Exploits1References2
NVD
NVD
added 2025/07/22 4:15 p.m.20 views

CVE-2025-51463

Path Traversal in restorerunbackup in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's filesystem via a crafted backup tar file submitted to the runinstruction API, which is extracted without path validation during restoration...

7CVSS0.00458EPSS
Exploits1References3
OSV
OSV
added 2025/07/22 4:15 p.m.6 views

CVE-2025-51463

Path Traversal in restorerunbackup in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's filesystem via a crafted backup tar file submitted to the runinstruction API, which is extracted without path validation during restoration...

7CVSS7.1AI score0.00458EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2025/07/22 3:48 p.m.4 views

ado-sfttrainer (>=1.0.1 <=1.8.0), aim-mlflow (>=0.1.0 <=0.2.1) +27 more potentially affected by CVE-2025-51463 via aim (>=3.17.4 <=4.0.3)

aim PYPI version =3.17.4, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =4.46.1, =0.0.1, =0.0.3, =0.0.1, =1.1.5, =0.1.1, =0.22.0, =0.0.1, =0.0.1, =2.0.1, =2.0.7 and more Source cves: CVE-2025-51463 Source advisory: SNYK:PYTHON-AIM-10875510...

7CVSS5.4AI score0.00458EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2025/07/22 12:0 a.m.2 views

CVE-2025-51463

Path Traversal in restorerunbackup in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's filesystem via a crafted backup tar file submitted to the runinstruction API, which is extracted without path validation during restoration...

7.3AI score0.00458EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/07/22 12:0 a.m.3 views

CVE-2025-51464

Cross-site Scripting XSS in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims browsers via malicious Python code submitted to the /api/reports endpoint, which is interpreted and executed by Pyodide when the report is viewed. No sanitisation or sandbox...

6.7AI score0.006EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/07/22 12:0 a.m.5 views

PT-2025-30426 · Aim · Aim

Name of the Vulnerable Software and Affected Versions: AIM version 3.28.0 Description: A path traversal issue exists in the restore run backup function. This allows remote attackers to write arbitrary files to the server's filesystem by submitting a crafted backup tar file to the run instruction...

7CVSS6.6AI score0.00458EPSS
Exploits1References8
Cvelist
Cvelist
added 2025/07/22 12:0 a.m.23 views

CVE-2025-51463

Path Traversal in restorerunbackup in AIM 3.28.0 allows remote attackers to write arbitrary files to the server's filesystem via a crafted backup tar file submitted to the runinstruction API, which is extracted without path validation during restoration...

0.00458EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/07/22 12:0 a.m.4 views

Aim 路径遍历漏洞

Aim is an easy-to-use and high-performance open source experiment tracker from Aim Open Source USA. A path traversal vulnerability exists in AIM version 3.28.0, which stems from a path traversal vulnerability in restorerunbackup that could result in writing arbitrary files to the server file syst...

7CVSS6.6AI score0.00458EPSS
Exploits1References4
Rows per page
Query Builder