28 matches found
Polyaxon - Unauthenticated Directory Traversal
Polyaxon latest version contains a path traversal caused by insufficient validation in directory access, letting unauthenticated attackers retrieve directory information and file contents; exploitation requires no authentication. id: CVE-2024-9362 info: name: Polyaxon - Unauthenticated Directory...
EUVD-2025-6838
Malicious code in bioql PyPI...
EUVD-2025-6844
Malicious code in bioql PyPI...
EUVD-2025-6841
Malicious code in bioql PyPI...
CVE-2024-9365
A Cross-Site Request Forgery (CSRF) vulnerability in polyaxon/polyaxon v2.4.0 allows attackers to perform unauthorized actions in the context of the victim's browser. This includes creating projects, model versions, and artifact versions, or changing settings. The impact of this vulnerability...
CVE-2024-9363
An unauthorized file deletion vulnerability exists in the latest version of the Polyaxon platform, which can lead to denial of service by terminating critical containers. An attacker can delete important files within the containers, such as polyaxon.sock, causing the API container to exit...
basecamper (>=0.1.1.dev1 <=0.10.9), fedsim (>=0.2.0 <=0.9.0) +5 more potentially affected by CVE-2024-9363 via polyaxon (>=1.1.7.post4 <=2.9.4)
polyaxon PYPI version =1.1.7.post4, =0.1.1.dev1, =0.2.0, =0.0.1, =0.0.0, =0.2.1, =0.1.0b5, =0.1.2 Source cves: CVE-2024-9363 Source advisory: SNYK:PYTHON-POLYAXON-9598251...
Relative Path Traversal
Overview: polyaxon is a Command Line Interface (CLI) and client to interact with Polyaxon API. Affected versions of this package are vulnerable to Relative Path Traversal enabling the deletion of files on the target server. An attacker can delete critical files such as polyaxon.sock to cause a crash...
basecamper (>=0.1.1.dev1 <=0.10.9), fedsim (>=0.2.0 <=0.9.0) +5 more potentially affected by CVE-2024-9362 via polyaxon (>=1.1.7.post4 <=2.9.4)
polyaxon PYPI version =1.1.7.post4, =0.1.1.dev1, =0.2.0, =0.0.1, =0.0.0, =0.2.1, =0.1.0b5, =0.1.2 Source cves: CVE-2024-9362 Source advisory: SNYK:PYTHON-POLYAXON-9585349...
Directory Traversal
Overview: polyaxon is a Command Line Interface (CLI) and client to interact with Polyaxon API. Affected versions of this package are vulnerable to Directory Traversal via the runs endpoint. An attacker can read arbitrary files from the target filesystem by providing a directory traversal path. PoC...
Cross-site Request Forgery (CSRF)
Overview: polyaxon is a Command Line Interface (CLI) and client to interact with Polyaxon API. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via the create endpoint. An attacker who can convince a user to follow a malicious link can cause the creation of a...
basecamper (>=0.1.1.dev1 <=0.10.9), fedsim (>=0.2.0 <=0.9.0) +5 more potentially affected by CVE-2024-9365 via polyaxon (>=1.1.7.post4 <=2.9.4)
polyaxon PYPI version =1.1.7.post4, =0.1.1.dev1, =0.2.0, =0.0.1, =0.0.0, =0.2.1, =0.1.0b5, =0.1.2 Source cves: CVE-2024-9365 Source advisory: SNYK:PYTHON-POLYAXON-9584622...
CVE-2024-9365
A Cross-Site Request Forgery (CSRF) vulnerability in polyaxon/polyaxon v2.4.0 allows attackers to perform unauthorized actions in the context of the victim's browser. This includes creating projects, model versions, and artifact versions, or changing settings. The impact of this vulnerability...
CVE-2024-9363
An unauthorized file deletion vulnerability exists in the latest version of the Polyaxon platform, which can lead to denial of service by terminating critical containers. An attacker can delete important files within the containers, such as polyaxon.sock, causing the API container to exit...
CVE-2024-9362
An unauthenticated directory traversal vulnerability exists in Polyaxon, affecting the latest version. This vulnerability allows an attacker to retrieve directory information and file contents from the server without proper authorization, leading to sensitive information disclosure. The issue...
CVE-2024-9365 Cross-Site Request Forgery (CSRF) in polyaxon/polyaxon
A Cross-Site Request Forgery (CSRF) vulnerability in polyaxon/polyaxon v2.4.0 allows attackers to perform unauthorized actions in the context of the victim's browser. This includes creating projects, model versions, and artifact versions, or changing settings. The impact of this vulnerability...
CVE-2024-9365
CVE-2024-9365 describes a Cross-Site Request Forgery (CSRF) in polyaxon/polyaxon v2.4.0. The vulnerability enables attackers to perform unauthorized actions in the victim’s browser context, including creating projects, model versions, and artifact versions, or changing settings, with potential d...
CVE-2024-9365 Cross-Site Request Forgery (CSRF) in polyaxon/polyaxon
A Cross-Site Request Forgery (CSRF) vulnerability in polyaxon/polyaxon v2.4.0 allows attackers to perform unauthorized actions in the context of the victim's browser. This includes creating projects, model versions, and artifact versions, or changing settings. The impact of this vulnerability...
CVE-2024-9362 Directory Traversal in polyaxon/polyaxon
An unauthenticated directory traversal vulnerability exists in Polyaxon, affecting the latest version. This vulnerability allows an attacker to retrieve directory information and file contents from the server without proper authorization, leading to sensitive information disclosure. The issue...
CVE-2024-9362
CVE-2024-9362 describes an unauthenticated directory traversal vulnerability in Polyaxon. Multiple connected sources confirm an information-disclosure style flaw that allows access to server directories (e.g., /etc) and arbitrary file contents via vulnerable endpoints. The Snyk entry specifies af...