cbcvebase.

Mymagicpower Aias vulnerabilities

3 known vulnerabilities affecting mymagicpower/aias.

Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2025-3410P2HIGHCVSS 8.8v202503082025-04-08
CVE-2025-3410 [HIGH] CWE-284 CVE-2025-3410: A vulnerability classified as critical was found in mymagicpower AIAS 20250308. This vulnerability a A vulnerability classified as critical was found in mymagicpower AIAS 20250308. This vulnerability affects unknown code of the file training_platform/train-platform/src/main/java/top/aias/training/controller/LocalStorageController.java. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit
nvd
CVE-2025-3411P3MEDIUMCVSS 6.3v202503082025-04-08
CVE-2025-3411 [MEDIUM] CWE-918 CVE-2025-3411: A vulnerability, which was classified as critical, has been found in mymagicpower AIAS 20250308. Thi A vulnerability, which was classified as critical, has been found in mymagicpower AIAS 20250308. This issue affects some unknown processing of the file 3_api_platform/api-platform/src/main/java/top/aias/platform/controller/AsrController.java. The manipulation of the argument url leads to server-side request forgery. The attack may be initiated remotel
nvd
CVE-2025-3412P3MEDIUMCVSS 6.3v202503082025-04-08
CVE-2025-3412 [MEDIUM] CWE-918 CVE-2025-3412: A vulnerability, which was classified as critical, was found in mymagicpower AIAS 20250308. Affected A vulnerability, which was classified as critical, was found in mymagicpower AIAS 20250308. Affected is an unknown function of the file 2_training_platform/train-platform/src/main/java/top/aias/training/controller/InferController.java. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remote
nvd
Mymagicpower Aias vulnerabilities | cvebase