Lucene search
K

545 matches found

CVE
CVE
added 2025/05/13 5:5 p.m.35 views

CVE-2024-36321

CVE-2024-36321 : The AMD AIM-T Manageability Service is affected by an unquoted search path vulnerability that can allow a local attacker to escalate privileges and potentially achieve arbitrary code execution. Affected software is AMD AIM-T Manageability Service; root cause is an unquoted path i...

7.3CVSS7.8AI score0.00183EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/13 5:5 p.m.23 views

CVE-2024-36321

Unquoted search path within AIM-T Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution...

7.3CVSS0.00183EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/13 12:0 a.m.7 views

PT-2025-20932 · Unknown · Aim-T Manageability Service

Name of the Vulnerable Software and Affected Versions: AIM-T Manageability Service affected versions not specified Description: The issue is related to an unquoted search path within the AIM-T Manageability Service, which can be exploited by a local attacker to escalate privileges. This could...

7.3CVSS6.5AI score0.00183EPSS
Exploits0References4
NVD
NVD
added 2025/03/28 9:15 p.m.9 views

CVE-2024-24292

A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code via the aim function in the aim.js component...

9.8CVSS0.00719EPSS
Exploits1References1
OSV
OSV
added 2025/03/28 9:15 p.m.3 views

CVE-2024-24292

A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code via the aim function in the aim.js component...

9.8CVSS6.1AI score0.00719EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/28 12:0 a.m.14 views

CVE-2024-24292

A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code via the aim function in the aim.js component...

0.00719EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/28 12:0 a.m.9 views

CVE-2024-24292

A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code via the aim function in the aim.js component...

8AI score0.00719EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/03/28 12:0 a.m.7 views

PT-2025-13570 · Unknown · Aliconnect /Sdk

Name of the Vulnerable Software and Affected Versions: Aliconnect /sdk version 0.0.6 Description: A Prototype Pollution issue allows an attacker to execute arbitrary code via the aim function in the aim.js component. This issue enables attackers to potentially compromise systems by injecting...

9.8CVSS7.2AI score0.00719EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/03/22 12:56 p.m.6 views

CVE-2024-6483

A vulnerability in the runs/delete-batch endpoint of aimhubio/aim version 3.19.3 allows for arbitrary file or directory deletion through path traversal. The endpoint does not mitigate path traversal when handling user-specified run-names, which are used to specify log/metadata files for deletion...

5.3CVSS7.1AI score0.00814EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 12:41 p.m.15 views

CVE-2025-0189

In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides the maximum size for websocket messages, allowing very large images to be tracked. This causes the server to become unresponsive to other requests while processing the large...

7.5CVSS6.9AI score0.0059EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 12:23 p.m.19 views

CVE-2024-12778

A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service DoS attack. The issue arises when a large number of tracked metrics are retrieved simultaneously from the Aim web API, causing the web server to become unresponsive. The root cause is the lack of a limit on the number o...

7.5CVSS6.9AI score0.00727EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 11:30 a.m.5 views

CVE-2024-8061

In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the server to wait indefinitely for a response. This can lead to a denial of service, as the tracking server does not respond to other requests while waiting. The issue...

7.5CVSS7AI score0.00446EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 11:16 a.m.9 views

CVE-2024-8101

A stored cross-site scripting XSS vulnerability exists in the Text Explorer component of aimhubio/aim version 3.23.0. The vulnerability arises due to the use of dangerouslySetInnerHTML without proper sanitization, allowing arbitrary JavaScript execution when rendering tracked texts. This can be...

7.2CVSS5.5AI score0.00401EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2025/03/20 12:32 p.m.17 views

ado-sfttrainer (>=1.0.1 <=1.8.0), aim-mlflow (>=0.1.0 <=0.2.1) +27 more potentially affected by CVE-2025-0190 via aim (>=3.17.4 <=4.0.3)

aim PYPI version =3.17.4, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =4.46.1, =0.0.1, =0.0.3, =0.0.1, =1.1.5, =0.1.1, =0.22.0, =0.0.1, =0.0.1, =2.0.1, =2.0.7 and more Source cves: CVE-2025-0190 Source advisory: SNYK:PYTHON-AIM-9510937...

7.5CVSS7.1AI score0.0059EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2025/03/20 12:32 p.m.6 views

ado-sfttrainer (>=1.0.1 <=1.8.0), aim-mlflow (>=0.1.0 <=0.2.1) +27 more potentially affected by CVE-2025-0189 via aim (>=3.17.4 <=4.0.3)

aim PYPI version =3.17.4, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =4.46.1, =0.0.1, =0.0.3, =0.0.1, =1.1.5, =0.1.1, =0.22.0, =0.0.1, =0.0.1, =2.0.1, =2.0.7 and more Source cves: CVE-2025-0189 Source advisory: SNYK:PYTHON-AIM-9510938...

7.5CVSS7.1AI score0.0059EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2025/03/20 12:32 p.m.6 views

dsipts (>=1.1.5 <=1.1.19), llm-toys (=0.1.1) +2 more potentially affected by CVE-2025-0189 via aim (>=3.17.4 <=3.20.1)

aim PYPI version =3.17.4, =1.1.5, =0.0.20, =0.1.0, =0.5.6 Source cves: CVE-2025-0189 Source advisory: OSV:GHSA-J5QJ-RG5J-J7C2...

7.5CVSS7AI score0.0059EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2025/03/20 12:32 p.m.5 views

dsipts (>=1.1.5 <=1.1.19), llm-toys (=0.1.1) +2 more potentially affected by CVE-2025-0190 via aim (>=3.17.4 <=3.20.1)

aim PYPI version =3.17.4, =1.1.5, =0.0.20, =0.1.0, =0.5.6 Source cves: CVE-2025-0190 Source advisory: OSV:GHSA-FM93-G6XP-35XQ...

7.5CVSS7AI score0.0059EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.21 views

Aim Excessive Data Query Operations in a Large Data Table vulnerability

In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of Text objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these...

7.5CVSS7.1AI score0.0059EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2025/03/20 12:32 p.m.39 views

GHSA-FM93-G6XP-35XQ Aim Excessive Data Query Operations in a Large Data Table vulnerability

In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of Text objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these...

7.5CVSS7.1AI score0.0059EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2025/03/20 12:32 p.m.6 views

ado-sfttrainer (>=1.0.1 <=1.8.0), aim-mlflow (>=0.1.0 <=0.2.1) +27 more potentially affected by CVE-2024-8769 via aim (>=3.17.4 <=4.0.3)

aim PYPI version =3.17.4, =1.0.1, =0.1.0, =0.1.0, =0.0.1, =4.46.1, =0.0.1, =0.0.3, =0.0.1, =1.1.5, =0.1.1, =0.22.0, =0.0.1, =0.0.1, =2.0.1, =2.0.7 and more Source cves: CVE-2024-8769 Source advisory: SNYK:PYTHON-AIM-9510955...

9.1CVSS7.7AI score0.00849EPSS
Exploits1
Rows per page
Query Builder