2 matches found
CVE-2025-51464
The CVE-2025-51464 entry affects aimhubio Aim version 3.28.0. A cross-site scripting (XSS) vulnerability exists in the /api/reports endpoint where Python code is submitted and interpreted by Pyodide when a report is viewed, allowing execution of arbitrary JavaScript in a victim’s browser via pyod...
CVE-2025-51463
CVE-2025-51463 concerns AIM 3.28.0, where a path traversal flaw in the restore_run_backup() function lets remote attackers craft a backup tar for the run_instruction API and write arbitrary files to the server filesystem because paths are not validated during extraction. Affected component: AIM s...