26 matches found
EUVD-2025-17553
Malicious code in bioql PyPI...
EUVD-2025-17554
Malicious code in bioql PyPI...
Sensitive Information Disclosure
BackendAI is vulnerable to Sensitive Information Disclosure. The vulnerability is due to insecure session handling caused by exposing the sensitive data in active sessions, allowing attackers to retrieve user credentials from the management platform...
CVE-2025-49651
Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI...
CVE-2025-49652
Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled...
CVE-2025-49653
Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform...
GHSA-H889-475R-WFMM Backend.AI Missing Authorization vulnerability
Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI. NOTE: The maintainers of BackendAI do not consider this report to fit...
GHSA-HXVR-GG2W-J48X BackendAI vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform. NOTE: The maintainers of BackendAI do not consider this report to fit with their threat model and advise users to follow security advice from...
GHSA-WW28-4M4V-CQ4J BackendAI Missing Authentication for Critical Function
Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled...
BackendAI Missing Authentication for Critical Function
Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled...
Backend.AI Missing Authorization vulnerability
Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI. NOTE: The maintainers of BackendAI do not consider this report to fit...
CVE-2025-49653
Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform...
CVE-2025-49651
Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI...
CVE-2025-49652
Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled...
CVE-2025-49653 Exposure of sensitive Information allows account takeover
Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform...
CVE-2025-49653 Exposure of sensitive Information allows account takeover
Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform...
CVE-2025-49653
CVE-2025-49653 concerns Lablup’s BackendAI. The vulnerability arises from exposure of sensitive data in active sessions, enabling an attacker to retrieve credentials for users on the management platform. The affected software is BackendAI (backend.ai) and specifically involves credentials exposur...
CVE-2025-49652 Improper access control allows arbitrary account creation
Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled...
CVE-2025-49651 Missing Authorization for Interactive Sessions
Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI...
CVE-2025-49651 Missing Authorization for Interactive Sessions
Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI...