887 matches found
CVE-2025-0190
In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of Text objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these...
CVE-2024-12778
A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service DoS attack. The issue arises when a large number of tracked metrics are retrieved simultaneously from the Aim web API, causing the web server to become unresponsive. The root cause is the lack of a limit on the number o...
CVE-2024-12778
A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service DoS attack. The issue arises when a large number of tracked metrics are retrieved simultaneously from the Aim web API, causing the web server to become unresponsive. The root cause is the lack of a limit on the number o...
CVE-2024-11042
In invoke-ai/invokeai version v5.0.2, the web API POST /api/v1/images/delete is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite...
CVE-2024-11042
In invoke-ai/invokeai version v5.0.2, the web API POST /api/v1/images/delete is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite...
CVE-2024-10902
In eosphoros-ai/db-gpt version v0.6.0, the web API POST /v1/personal/agent/upload is vulnerable to Arbitrary File Upload with Path Traversal. This vulnerability allows unauthorized attackers to upload arbitrary files to the victim's file system at any location. The impact of this vulnerability...
CVE-2024-12778 Denial of Service in aimhubio/aim
A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service DoS attack. The issue arises when a large number of tracked metrics are retrieved simultaneously from the Aim web API, causing the web server to become unresponsive. The root cause is the lack of a limit on the number o...
CVE-2024-12778
CVE-2024-12778 affects the Aim project (aimhubio/aim) v3.25.0. The root cause is an absence of a limit on the number of metrics requested per call, which, together with a single-threaded server, allows excessive resource consumption and can render the web API unresponsive (DoS). Concretely, retri...
CVE-2024-10901
CVE-2024-10901 affects eosphoros-ai/db-gpt. In v0.6.0 (and earlier per OSV entry), the web API POST /api/v1/editor/chart/run allows executing arbitrary SQL without access controls, enabling Arbitrary File Write and potentially Remote Code Execution by writing files such as init .py into Python’s ...
CVE-2024-11042 Arbitrary File Delete in invoke-ai/invokeai
In invoke-ai/invokeai version v5.0.2, the web API POST /api/v1/images/delete is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite...
CVE-2024-11042 Arbitrary File Delete in invoke-ai/invokeai
In invoke-ai/invokeai version v5.0.2, the web API POST /api/v1/images/delete is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite...
CVE-2025-0190 Denial of Service in aimhubio/aim
In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of Text objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these...
CVE-2025-0190 Denial of Service in aimhubio/aim
In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of Text objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these...
CVE-2025-0190
CVE-2025-0190 affects the Aim web server in the aimhubio/aim package (version 3.25.0). The underlying issue is an excessive data query operation: tracking a large number of Text objects and then querying them simultaneously via the web API can cause the server to become unresponsive to other requ...
DB-GPT SQL注入漏洞
DB-GPT is an AWEL and agent-based AI native data application development framework open-sourced by eosphoros. DB-GPT version v0.6.0 suffers from a SQL injection vulnerability that originates from the web API POST /api/v1/editor/sql/run allows execution of arbitrary SQL queries, which can be...
Synology DiskStation Manager(DSM)和Synology BeeStation Manager 安全漏洞
Synology DiskStation Manager DSM and Synology BeeStation Manager are both products of China-based Synology Corporation.Synology DiskStation Manager is an operating system for use on networked storage servers NAS. The operating system manages information such as data, files, photos, music, etc...
[SECURITY] Fedora 40 Update: python-spotipy-2.25.1-1.fc40
A light weight Python library for the Spotify Web API...
[SECURITY] Fedora 41 Update: python-spotipy-2.25.1-1.fc41
A light weight Python library for the Spotify Web API...
Spotipy 安全漏洞
Spotipy is the spotipy-dev individual developer's lightweight Python library for the Spotify Web API. A security vulnerability exists in Spotipy versions prior to 2.25.1, which stems from the CacheHandler class creating a cache file with overly lax permissions, which could lead to the disclosure ...
CVE-2025-20075
CVE-2025-20075 describes a Server-Side Request Forgery (SSRF) in FileMegane by JIP InfoBridge. Affected versions are above 3.0.0.0 and below 3.4.0.0; the issue allows executing arbitrary backend Web API requests, with potential for rebooting services. Root cause is SSRF in FileMegane’s handling o...