Vendor
Lablup
Products
1
CVEs
3
Across products
3
Status
Private
Products
1- 3 CVEs
Recent CVEs
3| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-49652 | Cri | 0.57 | 9.8 | 0.00 | Jun 9, 2025 | Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled. | |
| CVE-2025-49651 | Hig | 0.53 | 8.1 | 0.00 | Jun 9, 2025 | Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI. | |
| CVE-2025-49653 | Hig | 0.52 | 8.0 | 0.00 | Jun 9, 2025 | Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform. |
- risk 0.57cvss 9.8epss 0.00
Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled.
- risk 0.53cvss 8.1epss 0.00
Missing Authorization in Lablup's BackendAI allows attackers to takeover all active sessions; Accessing, stealing, or altering any data accessible in the session. This vulnerability exists in all current versions of BackendAI.
- risk 0.52cvss 8.0epss 0.00
Exposure of sensitive data in active sessions in Lablup's BackendAI allows attackers to retrieve credentials for users on the management platform.