Lucene search
K

73 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-6926

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00446EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-6957

Malicious code in bioql PyPI...

9.6CVSS7.4AI score0.00474EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-2234

Malicious code in bioql PyPI...

7.5CVSS6.4AI score0.00573EPSS
Exploits1References4
Zero Day Initiative
Zero Day Initiative
added 2025/10/03 12:0 a.m.7 views

MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of model file paths. The issue results from the lack of proper...

8.1CVSS7.5AI score0.27133EPSS
Exploits0References1
Veracode
Veracode
added 2025/04/01 2:34 a.m.7 views

Denial Of Service (DoS)

Aimhubio/aim is vulnerable to a Denial Of Service DoS. The vulnerability is due to the tracking server overriding the maximum size for websocket messages, allowing very large images to be tracked, which causes the server to become unresponsive to other requests...

7.5CVSS7AI score0.0059EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2025/03/28 4:30 a.m.7 views

Denial Of Service (DoS)

Aim is vulnerable to Denial Of Service DoS. The vulnerability is due to improper thread management due to the ScheduledStatusReporter object running on the main thread of the tracking server, blocking it indefinitely and preventing it from responding to requests...

7.5CVSS7AI score0.00588EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2025/03/27 2:48 a.m.15 views

Arbitrary File Deletion

Aim is vulnerable to Arbitrary File Deletion. The vulnerability is due to path traversal due to improper normalization of the runhash parameter in the LockManager.releaselocks function, allowing attackers to delete arbitrary files via the tracking server API...

9.1CVSS7.1AI score0.00849EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/22 12:32 p.m.6 views

CVE-2024-7760

aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery CSRF vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server, which can b...

9.6CVSS8.2AI score0.00474EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/03/22 11:19 a.m.13 views

CVE-2024-8769

A vulnerability in the LockManager.releaselocks function in aimhubio/aim commit bb76afe allows for arbitrary file deletion through relative path traversal. The runhash parameter, which is user-controllable, is concatenated without normalization as part of a path used to specify file deletion. Thi...

9.1CVSS6.9AI score0.00849EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 12:32 p.m.16 views

GHSA-J5QJ-RG5J-J7C2 Aim Uncontrolled Resource Consumption vulnerability

In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides the maximum size for websocket messages, allowing very large images to be tracked. This causes the server to become unresponsive to other requests while processing the large...

7.5CVSS7AI score0.0059EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.15 views

Aim Uncontrolled Resource Consumption vulnerability

In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides the maximum size for websocket messages, allowing very large images to be tracked. This causes the server to become unresponsive to other requests while processing the large...

7.5CVSS6.7AI score0.0059EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.17 views

Aim path traversal in LockManager.release_locks

A vulnerability in the LockManager.releaselocks function in aimhubio/aim commit bb76afe allows for arbitrary file deletion through relative path traversal. The runhash parameter, which is user-controllable, is concatenated without normalization as part of a path used to specify file deletion. Thi...

9.1CVSS6.9AI score0.00849EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/03/20 12:32 p.m.8 views

GHSA-6W7P-XRVP-P7XV Aim allows denial of service due to no timeouts for some tracking server endpoints

In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the server to wait indefinitely for a response. This can lead to a denial of service, as the tracking server does not respond to other requests while waiting. The issue...

7.5CVSS7.2AI score0.00446EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.8 views

Aim allows denial of service due to no timeouts for some tracking server endpoints

In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the server to wait indefinitely for a response. This can lead to a denial of service, as the tracking server does not respond to other requests while waiting. The issue...

7.5CVSS6.9AI score0.00446EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/03/20 12:32 p.m.3 views

GHSA-38R9-3J52-H92V Aim vulnerable to Cross-Site Request Forgery

aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery CSRF vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server, which can b...

7.4CVSS8.1AI score0.00474EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.11 views

Aim vulnerable to Cross-Site Request Forgery

aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery CSRF vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server, which can b...

9.6CVSS8.1AI score0.00474EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.10 views

Aim Path Traversal vulnerability

In version 3.22.0 of aimhubio/aim, the LocalFileManager.cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does not verify that the matched files are within the directory managed by LocalFileManager, allowing a maliciously crafted...

7.5CVSS6.9AI score0.00953EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2025/03/20 12:32 p.m.5 views

GHSA-FX47-JPV9-7HXR Aim Vulnerable to Denial of Service (DoS)

In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. This results in a denial of service as the tracking server becomes unable to respond to other requests...

7.5CVSS7AI score0.00588EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.13 views

Aim Vulnerable to Denial of Service (DoS)

In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. This results in a denial of service as the tracking server becomes unable to respond to other requests...

7.5CVSS6.8AI score0.00588EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2025/03/20 10:15 a.m.21 views

CVE-2025-0189

In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides the maximum size for websocket messages, allowing very large images to be tracked. This causes the server to become unresponsive to other requests while processing the large...

7.5CVSS0.0059EPSS
Exploits1References1
Rows per page
Query Builder