26 matches found
EUVD-2025-17554
Malicious code in bioql PyPI...
EUVD-2025-17553
Malicious code in bioql PyPI...
Sensitive Information Disclosure
BackendAI is vulnerable to Sensitive Information Disclosure. The vulnerability is due to insecure session handling caused by exposing the sensitive data in active sessions, allowing attackers to retrieve user credentials from the management platform...
CVE-2025-49652
Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled...
CVE-2025-49651
Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI...
CVE-2025-49653
Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform...
BackendAI Missing Authentication for Critical Function
Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled...
GHSA-HXVR-GG2W-J48X BackendAI vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform. NOTE: The maintainers of BackendAI do not consider this report to fit with their threat model and advise users to follow security advice from...
GHSA-H889-475R-WFMM Backend.AI Missing Authorization vulnerability
Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI. NOTE: The maintainers of BackendAI do not consider this report to fit...
Backend.AI Missing Authorization vulnerability
Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI. NOTE: The maintainers of BackendAI do not consider this report to fit...
GHSA-WW28-4M4V-CQ4J BackendAI Missing Authentication for Critical Function
Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled...
CVE-2025-49653
Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform...
CVE-2025-49652
Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled...
CVE-2025-49651
Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI...
CVE-2025-49653 Exposure of sensitive Information allows account takeover
Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform...
CVE-2025-49653 Exposure of sensitive Information allows account takeover
Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform...
CVE-2025-49653
CVE-2025-49653 concerns Lablup’s BackendAI. The vulnerability arises from exposure of sensitive data in active sessions, enabling an attacker to retrieve credentials for users on the management platform. The affected software is BackendAI (backend.ai) and specifically involves credentials exposur...
CVE-2025-49652 Improper access control allows arbitrary account creation
Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled...
CVE-2025-49651 Missing Authorization for Interactive Sessions
Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI...
CVE-2025-49651
CVE-2025-49651 concerns Lablup BackendAI with Missing Authorization, enabling takeover of all active sessions and access/alteration of data within those sessions. The description indicates the vulnerability exists in all current BackendAI versions. Connected documents corroborate the issue but do...