aimstack 漏洞與 CVE 列表(23)

產品(CPE): — CVE 數: 23

aimstack 漏洞概覽

彙總 aimstack 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。

已披露問題常與 路徑處理缺陷、跨站腳本與CSRF 相關,可能在 軟體部署與生產負載 場景中帶來 檔案覆寫與工作階段劫持 等暴露風險。

相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。

漏洞分布趨勢(近 24 個月)

顯示 212323 CVE 數
«« 第一頁 « 上一頁 第 2 / 2 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2024-2196 aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the user's consent. The vulnerability stems from the lack of CSRF and CORS protection in the aim dashboard. An attacker can exploit this by tricking a user into executing a malicious script that sends unauthorized requests to the aim server, leading to potential data loss and unauthorized data manipulatio [email protected] 8.8 0.54% 2024-04-10 2026-06-17
CVE-2024-2195 A critical Remote Code Execution (RCE) vulnerability was identified in the aimhubio/aim project, specifically within the `/api/runs/search/run/` endpoint, affecting versions >= 3.0.0. The vulnerability resides in the `run_search_api` function of the `aim/web/api/runs/views.py` file, where improper restriction of user access to the `RunView` object allows for the execution of arbitrary code via the `query` parameter. This issue enables attackers to execute arbitrary commands on the server, potent [email protected] 9.8 1.80% 2024-04-10 2026-06-17
CVE-2021-43775 Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a path traversal attack. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files. The vulnerability issue is resolved in Aim v3.1.0. [email protected] 8.6 1.85% 2021-11-23 2026-06-17
«« 第一頁 « 上一頁 第 2 / 2 頁 下一頁 »
cvelogic Threat Intelligence