CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0189 – Denial of Service in aimhubio/aim
https://notcve.org/view.php?id=CVE-2025-0189
20 Mar 2025 — In version 3.25.0 of aimhubio/aim, the tracking server is vulnerable to a denial of service attack. The server overrides the maximum size for websocket messages, allowing very large images to be tracked. This causes the server to become unresponsive to other requests while processing the large image, leading to a denial of service condition. • https://huntr.com/bounties/e4c9bf41-72cf-4d04-baaf-8f12b5b7926e • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0190 – Denial of Service in aimhubio/aim
https://notcve.org/view.php?id=CVE-2025-0190
20 Mar 2025 — In version 3.25.0 of aimhubio/aim, a denial of service vulnerability exists. By tracking a large number of `Text` objects and then querying them simultaneously through the web API, the Aim web server becomes unresponsive to other requests for an extended period while processing and returning these objects. This vulnerability can be exploited repeatedly, leading to a complete denial of service. • https://huntr.com/bounties/38d151f1-abb4-443a-86b0-6c26f0c6cb70 • CWE-1049: Excessive Data Query Operations in a Large Data Table •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-6578 – Stored XSS in aimhubio/aim
https://notcve.org/view.php?id=CVE-2024-6578
29 Jul 2024 — A stored cross-site scripting (XSS) vulnerability exists in aimhubio/aim version 3.19.3. The vulnerability arises from the improper neutralization of input during web page generation, specifically in the logs-tab for runs. The terminal output logs are displayed using the `dangerouslySetInnerHTML` function in React, which is susceptible to XSS attacks. An attacker can exploit this vulnerability by injecting malicious scripts into the logs, which will be executed when a user views the logs-tab. • https://huntr.com/bounties/5b1ebc67-5346-44aa-b8b8-3c1c09d79680 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-6227 – Infinite Loop in aimhubio/aim
https://notcve.org/view.php?id=CVE-2024-6227
08 Jul 2024 — A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause a denial of service by configuring the remote tracking server to point at itself. This results in the server endlessly connecting to itself, rendering it unable to respond to other connections. Una vulnerabilidad en aimhubio/aim versión 3.19.3 permite a un atacante provocar una denegación de servicio configurando el servidor de seguimiento remoto para que apunte a sí mismo. Esto da como resultado que el servidor se conecte interminab... • https://huntr.com/bounties/abcea7c6-bb3b-45e9-aa15-9eb6b224451a • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 1CVE-2021-43775 – Arbitrary file reading vulnerability in Aim
https://notcve.org/view.php?id=CVE-2021-43775
23 Nov 2021 — Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a path traversal attack. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files. The vulnerability issue is resolved in Aim v3.1.0. Aim es una h... • https://github.com/aimhubio/aim/blob/0b99c6ca08e0ba7e7011453a2f68033e9b1d1bce/aim/web/api/views.py#L9-L16 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •