CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2025/03/20 10:11 a.m.•53 views

CVE-2024-8556

CVE-2024-8556 affects modelscope/agentscope with a stored XSS in the run-details view where a user-controllable run ID is appended and rendered as HTML, enabling arbitrary JavaScript in the victim’s browser. The issue is tied to dashboard.js rendering logic; PoC in Snyk shows a crafted run_id, co...

6.1CVSS5.9AI score0.00167EPSS

Vulnrichment•added 2025/03/20 10:11 a.m.•4 views

CVE-2024-8556 Stored XSS in modelscope/agentscope

6.1CVSS5.9AI score0.00167EPSS

Cvelist•added 2025/03/20 10:11 a.m.•10 views

CVE-2024-8524 Directory Traversal in modelscope/agentscope

A directory traversal vulnerability exists in modelscope/agentscope version 0.0.4. An attacker can exploit this vulnerability to read any local JSON file by sending a crafted POST request to the /read-examples endpoint...

7.5CVSS0.00926EPSS

Vulnrichment•added 2025/03/20 10:11 a.m.•5 views

CVE-2024-8524 Directory Traversal in modelscope/agentscope

7.5CVSS7.3AI score0.00926EPSS

CVE•added 2025/03/20 10:11 a.m.•51 views

CVE-2024-8524

CVE-2024-8524 concerns modelscope/agentscope v0.0.4, where a directory traversal vulnerability allows an attacker to read arbitrary local JSON files via a crafted POST to the /read-examples endpoint. Affected component: agentscope (Python package) in the modelscope project; vulnerability arises f...

7.5CVSS7.3AI score0.00926EPSS

Cvelist•added 2025/03/20 10:11 a.m.•8 views

CVE-2024-8537 Path Traversal in modelscope/agentscope

A path traversal vulnerability exists in the modelscope/agentscope application, affecting all versions. The vulnerability is present in the /delete-workflow endpoint, allowing an attacker to delete arbitrary files from the filesystem. This issue arises due to improper input validation, enabling t...

9.1CVSS0.00506EPSS

CVE•added 2025/03/20 10:11 a.m.•48 views

CVE-2024-8537

CVE-2024-8537 describes a path traversal vulnerability in modelscope/agentscope affecting the /delete-workflow endpoint, enabling an attacker to delete arbitrary files due to improper input validation. The issue is reported across multiple feeds (Veracode, Snyk, GHSA/OSV/CVE listings) with PoC-li...

9.1CVSS9.2AI score0.00506EPSS

Vulnrichment•added 2025/03/20 10:11 a.m.•3 views

CVE-2024-8537 Path Traversal in modelscope/agentscope

9.1CVSS9.2AI score0.00506EPSS

Vulnrichment•added 2025/03/20 10:10 a.m.•3 views

CVE-2024-8551 Path Traversal in modelscope/agentscope

A path traversal vulnerability exists in the save-workflow and load-workflow functionality of modelscope/agentscope versions prior to the fix. This vulnerability allows an attacker to read and write arbitrary JSON files on the filesystem, potentially leading to the exposure or modification of...

9.1CVSS9AI score0.00297EPSS

Cvelist•added 2025/03/20 10:10 a.m.•9 views

CVE-2024-8551 Path Traversal in modelscope/agentscope

9.1CVSS0.00297EPSS

CVE•added 2025/03/20 10:10 a.m.•77 views

CVE-2024-8551

CVE-2024-8551 : A path traversal vulnerability affects modelscope/agentscope in the save-workflow and load-workflow functionality, present in versions prior to the fix. An attacker can read and write arbitrary JSON files on the filesystem, potentially exposing or modifying sensitive data (config ...

9.1CVSS9AI score0.00297EPSS

CVE•added 2025/03/20 10:9 a.m.•78 views

CVE-2024-8438

Summary: CVE-2024-8438 describes a path traversal in modelscope/agentscope v0.0.4 where the /api/file endpoint does not sanitize the path parameter, enabling reading arbitrary server files. The underlying impact is information disclosure with a high severity (CVSS3/7.5) but no exploitation detail...

7.5CVSS7.5AI score0.0039EPSS

Cvelist•added 2025/03/20 10:9 a.m.•7 views

CVE-2024-8438 Path Traversal in modelscope/agentscope

A path traversal vulnerability exists in modelscope/agentscope version v.0.0.4. The API endpoint /api/file does not properly sanitize the path parameter, allowing an attacker to read arbitrary files on the server...

7.5CVSS0.0039EPSS

Vulnrichment•added 2025/03/20 10:9 a.m.•8 views

CVE-2024-8438 Path Traversal in modelscope/agentscope

7.5CVSS7.5AI score0.0039EPSS

Vulnrichment•added 2025/03/20 10:9 a.m.•4 views

CVE-2024-8502 Remote Code Execution via Deserialization in modelscope/agentscope

A vulnerability in the RpcAgentServerLauncher class of modelscope/agentscope v0.0.6a3 allows for remote code execution RCE via deserialization of untrusted data using the dill library. The issue occurs in the AgentServerServicer.createagent method, where serialized input is deserialized using...

9.8CVSS10AI score0.0074EPSS

Cvelist•added 2025/03/20 10:9 a.m.•6 views

CVE-2024-8502 Remote Code Execution via Deserialization in modelscope/agentscope

9.8CVSS0.0074EPSS

CVE•added 2025/03/20 10:9 a.m.•39 views

CVE-2024-8502

CVE-2024-8502 affects modelscope/agentscope (v0.0.6a3). The RpcAgentServerLauncher.AgentServerServicer.create_agent path deserializes untrusted input with dill.loads, enabling remote code execution. Impact is described as arbitrary commands execution on the server; CVE is reported across multiple...

9.8CVSS10AI score0.0074EPSS

Vulnrichment•added 2025/03/20 10:9 a.m.•3 views

CVE-2024-8489 CSRF due to overly permissive CORS headers in modelscope/agentscope

A vulnerability in modelscope/agentscope, specifically in the AgentScope Studio backend server, allows for Cross-Site Request Forgery CSRF due to overly permissive CORS headers. This issue affects the latest commit on the main branch 21161fe. The vulnerability permits an attacker to access all...

8.8CVSS8.6AI score0.00116EPSS

Cvelist•added 2025/03/20 10:9 a.m.•10 views

CVE-2024-8489 CSRF due to overly permissive CORS headers in modelscope/agentscope

8.8CVSS0.00116EPSS