Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 11:43 a.m.17 views

CVE-2024-7340

The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin...

8.8CVSS7AI score0.04974EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2024/11/11 10:11 a.m.14 views

Security Flaws in Popular ML Toolkits Enable Server Hijacks, Privilege Escalation

Cybersecurity researchers have uncovered nearly two dozen security flaws spanning 15 different machine learning ML related open-source projects. These comprise vulnerabilities discovered both on the server- and client-side, software supply chain security firm JFrog said in an analysis published...

8.8CVSS10AI score0.14956EPSS
Exploits3
Vulnrichment
Vulnrichment
added 2024/07/31 3:0 p.m.19 views

CVE-2024-7340 W&B Weave server remote arbitrary file leak and privilege escalation

The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin...

8.8CVSS7AI score0.04974EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/31 3:0 p.m.294 views

CVE-2024-7340 W&B Weave server remote arbitrary file leak and privilege escalation

The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin...

8.8CVSS0.04974EPSS
Exploits0References2
Rows per page
Query Builder