14 matches found
EUVD-2024-53884
Malicious code in bioql PyPI...
EUVD-2024-53883
Malicious code in bioql PyPI...
CVE-2024-43779
An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to reading vaults that have been previously disabled, possibly leaking sensitive credentials. An attacker can send a series of HTTP...
CVE-2024-39272
A cross-site scripting xss vulnerability exists in the dataset upload functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to an arbitrary html code. An attacker can send a series of HTTP requests to trigger this vulnerability...
CVE-2024-43779
An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to reading vaults that have been previously disabled, possibly leaking sensitive credentials. An attacker can send a series of HTTP...
CVE-2024-43779
An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to reading vaults that have been previously disabled, possibly leaking sensitive credentials. An attacker can send a series of HTTP...
CVE-2024-39272
A cross-site scripting xss vulnerability exists in the dataset upload functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to an arbitrary html code. An attacker can send a series of HTTP requests to trigger this vulnerability...
CVE-2024-39272
A cross-site scripting xss vulnerability exists in the dataset upload functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to an arbitrary html code. An attacker can send a series of HTTP requests to trigger this vulnerability...
CVE-2024-39272
A cross-site scripting xss vulnerability exists in the dataset upload functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to an arbitrary html code. An attacker can send a series of HTTP requests to trigger this vulnerability...
CVE-2024-39272
CVE-2024-39272 affects ClearML Enterprise Server 3.22.5-1533. The issue is a cross-site scripting (XSS) vulnerability in the dataset upload functionality, allowing an attacker with an existing ClearML account to upload HTML files which can execute JavaScript in the browser of an authenticated use...
CVE-2024-43779
CVE-2024-43779 is a information-disclosure vulnerability in ClearML Enterprise Server 3.22.5-1533. The root cause is that the Vault API can expose disabled vault items, allowing an authenticated user to retrieve vault contents via API requests (notably GET /api/v2.30/users.get_vaults). Cisco Talo...
CVE-2024-43779
An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to reading vaults that have been previously disabled, possibly leaking sensitive credentials. An attacker can send a series of HTTP...
CVE-2024-43779
An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to reading vaults that have been previously disabled, possibly leaking sensitive credentials. An attacker can send a series of HTTP...
PT-2025-5836 · Unknown · Clearml Enterprise Server
Name of the Vulnerable Software and Affected Versions: ClearML Enterprise Server version 3.22.5-1533 Description: A cross-site scripting XSS issue exists in the dataset upload functionality. A specially crafted HTTP request can lead to arbitrary HTML code execution. An attacker can send a series ...