Lucene search
K

887 matches found

OSV
OSV
added 2025/03/20 10:15 a.m.10 views

CVE-2025-0190

In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of Text objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these...

7.5CVSS7.1AI score
Exploits0References1
OSV
OSV
added 2025/03/20 10:15 a.m.6 views

CVE-2024-12778

A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service DoS attack. The issue arises when a large number of tracked metrics are retrieved simultaneously from the Aim web API, causing the web server to become unresponsive. The root cause is the lack of a limit on the number o...

7.5CVSS7.3AI score
Exploits0References1
NVD
NVD
added 2025/03/20 10:15 a.m.7 views

CVE-2024-12778

A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service DoS attack. The issue arises when a large number of tracked metrics are retrieved simultaneously from the Aim web API, causing the web server to become unresponsive. The root cause is the lack of a limit on the number o...

7.5CVSS0.00727EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:15 a.m.8 views

CVE-2024-11042

In invoke-ai/invokeai version v5.0.2, the web API POST /api/v1/images/delete is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite...

9.1CVSS7.1AI score
Exploits0References2
NVD
NVD
added 2025/03/20 10:15 a.m.6 views

CVE-2024-11042

In invoke-ai/invokeai version v5.0.2, the web API POST /api/v1/images/delete is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite...

9.1CVSS0.01348EPSS
Exploits0References2
OSV
OSV
added 2025/03/20 10:15 a.m.5 views

CVE-2024-10902

In eosphoros-ai/db-gpt version v0.6.0, the web API POST /v1/personal/agent/upload is vulnerable to Arbitrary File Upload with Path Traversal. This vulnerability allows unauthorized attackers to upload arbitrary files to the victim's file system at any location. The impact of this vulnerability...

9.8CVSS8.3AI score
Exploits0References1
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.10 views

CVE-2024-12778 Denial of Service in aimhubio/aim

A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service DoS attack. The issue arises when a large number of tracked metrics are retrieved simultaneously from the Aim web API, causing the web server to become unresponsive. The root cause is the lack of a limit on the number o...

7.5CVSS0.00727EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:10 a.m.76 views

CVE-2024-12778

CVE-2024-12778 affects the Aim project (aimhubio/aim) v3.25.0. The root cause is an absence of a limit on the number of metrics requested per call, which, together with a single-threaded server, allows excessive resource consumption and can render the web API unresponsive (DoS). Concretely, retri...

7.5CVSS7.5AI score0.00727EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/03/20 10:9 a.m.53 views

CVE-2024-10901

CVE-2024-10901 affects eosphoros-ai/db-gpt. In v0.6.0 (and earlier per OSV entry), the web API POST /api/v1/editor/chart/run allows executing arbitrary SQL without access controls, enabling Arbitrary File Write and potentially Remote Code Execution by writing files such as init .py into Python’s ...

9.8CVSS9.7AI score0.00994EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/03/20 10:8 a.m.12 views

CVE-2024-11042 Arbitrary File Delete in invoke-ai/invokeai

In invoke-ai/invokeai version v5.0.2, the web API POST /api/v1/images/delete is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite...

9.1CVSS0.01348EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/20 10:8 a.m.7 views

CVE-2024-11042 Arbitrary File Delete in invoke-ai/invokeai

In invoke-ai/invokeai version v5.0.2, the web API POST /api/v1/images/delete is vulnerable to Arbitrary File Deletion. This vulnerability allows unauthorized attackers to delete arbitrary files on the server, potentially including critical or sensitive system files such as SSH keys, SQLite...

9.1CVSS9.3AI score0.01348EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/20 10:8 a.m.31 views

CVE-2025-0190 Denial of Service in aimhubio/aim

In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of Text objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these...

7.5CVSS0.0059EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:8 a.m.7 views

CVE-2025-0190 Denial of Service in aimhubio/aim

In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of Text objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these...

7.5CVSS7.5AI score0.0059EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:8 a.m.90 views

CVE-2025-0190

CVE-2025-0190 affects the Aim web server in the aimhubio/aim package (version 3.25.0). The underlying issue is an excessive data query operation: tracking a large number of Text objects and then querying them simultaneously via the web API can cause the server to become unresponsive to other requ...

7.5CVSS7.5AI score0.0059EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.5 views

DB-GPT SQL注入漏洞

DB-GPT is an AWEL and agent-based AI native data application development framework open-sourced by eosphoros. DB-GPT version v0.6.0 suffers from a SQL injection vulnerability that originates from the web API POST /api/v1/editor/sql/run allows execution of arbitrary SQL queries, which can be...

9.8CVSS9.7AI score0.01083EPSS
Exploits2References1
CNNVD
CNNVD
added 2025/03/19 12:0 a.m.8 views

Synology DiskStation Manager(DSM)和Synology BeeStation Manager 安全漏洞

Synology DiskStation Manager DSM and Synology BeeStation Manager are both products of China-based Synology Corporation.Synology DiskStation Manager is an operating system for use on networked storage servers NAS. The operating system manages information such as data, files, photos, music, etc...

5.3CVSS6.2AI score0.26952EPSS
Exploits0References4
Fedora
Fedora
added 2025/03/08 1:36 a.m.17 views

[SECURITY] Fedora 40 Update: python-spotipy-2.25.1-1.fc40

A light weight Python library for the Spotify Web API...

9.8CVSS7AI score0.00589EPSS
Exploits1
Fedora
Fedora
added 2025/03/08 1:24 a.m.12 views

[SECURITY] Fedora 41 Update: python-spotipy-2.25.1-1.fc41

A light weight Python library for the Spotify Web API...

9.8CVSS7AI score0.00589EPSS
Exploits1
CNNVD
CNNVD
added 2025/02/27 12:0 a.m.13 views

Spotipy 安全漏洞

Spotipy is the spotipy-dev individual developer's lightweight Python library for the Spotify Web API. A security vulnerability exists in Spotipy versions prior to 2.25.1, which stems from the CacheHandler class creating a cache file with overly lax permissions, which could lead to the disclosure ...

9.8CVSS6.8AI score0.00589EPSS
Exploits1References5
CVE
CVE
added 2025/02/17 11:57 p.m.88 views

CVE-2025-20075

CVE-2025-20075 describes a Server-Side Request Forgery (SSRF) in FileMegane by JIP InfoBridge. Affected versions are above 3.0.0.0 and below 3.4.0.0; the issue allows executing arbitrary backend Web API requests, with potential for rebooting services. Root cause is SSRF in FileMegane’s handling o...

7.2CVSS7AI score0.00327EPSS
Exploits0References2
Rows per page
Query Builder