Every CVE whose affected-product data names Clear Clearml, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2024-24594 — CVSS 9.9 (critical): A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote…
CVE-2024-24592 — CVSS 9.8 (critical): Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to…
CVE-2024-24593 — CVSS 9.6 (critical): A cross-site request forgery (CSRF) vulnerability in all versions up to 1.14.1 of the api server component of Allegro AI’s ClearML…
CVE-2024-24590 — CVSS 8.0 (high): Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a…
CVE-2024-24591 — CVSS 8.0 (high): A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform enables a maliciously…
CVE-2024-24595 — CVSS 6.0 (medium): Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server…