VYPR
Vendor: Clearml

Products: 1
CVEs: 6
Across products: 6
Status: Private

Recent CVEs (6)

  • CVE-2025-8917 · Med · Oct 5, 2025
    risk 0.31 · cvss 5.8 · epss 0.00

    A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper handling of symbolic and hard links in the `safe_extract` function. This flaw can lead to arbitrary file writes outside the intended directory, potentially resulting in remote code…

  • CVE-2024-39272 · Feb 6, 2025
    risk 0.00 · cvss · epss 0.01

    A cross-site scripting (XSS) vulnerability exists in the dataset upload functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to the injection of arbitrary HTML code. An attacker can send a series of HTTP requests to trigger this vulnerability.

  • CVE-2024-43779 · Feb 6, 2025
    risk 0.00 · cvss · epss 0.01

    An information disclosure vulnerability exists in the Vault API functionality of ClearML Enterprise Server 3.22.5-1533. A specially crafted HTTP request can lead to reading vaults that have been previously disabled, possibly leaking sensitive credentials. An attacker can send a…

  • CVE-2024-24594 · Feb 6, 2024
    risk 0.00 · cvss · epss 0.01

    A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI.

  • CVE-2024-24593 · Feb 6, 2024
    risk 0.00 · cvss · epss 0.00

    A cross-site request forgery (CSRF) vulnerability in all versions up to 1.14.1 of the API server component of Allegro AI’s ClearML platform allows a remote attacker to impersonate a user by sending API requests via maliciously crafted HTML. Exploitation of the vulnerability…

  • CVE-2024-24592 · Feb 6, 2024
    risk 0.00 · cvss · epss 0.01

    Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrarily access, create, modify and delete files.