10 matches found
EUVD-2024-21994
Malicious code in bioql PyPI...
EUVD-2024-21996
Malicious code in bioql PyPI...
EUVD-2024-0670
Malicious code in bioql PyPI...
EUVD-2024-21995
Malicious code in bioql PyPI...
ClearML Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible ClearML instance on the target application. ClearML is an infrastructure platform for AI builders. This detection is included in the AI and LLM category. No source data...
CVE-2024-24594
A cross-site scripting XSS vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI...
Cross site request forgery (csrf)
A cross-site request forgery CSRF vulnerability in all versions up to 1.14.1 of the api server component of Allegro AI’s ClearML platform allows a remote attacker to impersonate a user by sending API requests via maliciously crafted html. Exploitation of the vulnerability allows an attacker to...
CVE-2024-24591
A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user’s system when interacted with...
CVE-2024-24590
Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with...
PT-2024-20472
Name of the Vulnerable Software and Affected Versions Allegro AI’s ClearML platform versions 0.17.0 through 1.14.2 Description Deserialization of untrusted data can occur in the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end...