{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-13T07:45:15.971","vulnerabilities":[{"cve":{"id":"CVE-2024-7760","sourceIdentifier":"security@huntr.dev","published":"2025-03-20T10:15:36.590","lastModified":"2025-07-21T19:47:31.643","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"aimhubio/aim version 3.22.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the tracking server. The vulnerability is due to overly permissive CORS settings, allowing cross-origin requests from all origins. This enables CSRF attacks on all endpoints of the tracking server, which can be chained with other existing vulnerabilities such as remote code execution, denial of service, and arbitrary file read/write."},{"lang":"es","value":"La versión 3.22.0 de aimhubio/aim contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) en el servidor de seguimiento. Esta vulnerabilidad se debe a una configuración CORS excesivamente permisiva, que permite solicitudes de origen cruzado desde cualquier origen. Esto posibilita ataques CSRF en todos los endpoints del servidor de seguimiento, lo que puede combinarse con otras vulnerabilidades existentes, como la ejecución remota de código, la denegación de servicio y la lectura y escritura arbitraria de archivos."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}],"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.0}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:aimstack:aim:3.22.0:*:*:*:*:python:*:*","matchCriteriaId":"3BC21D48-2995-448A-ACF4-AB078A1A619B"}]}]}],"references":[{"url":"https://huntr.com/bounties/2038df5f-4829-4040-8573-67bf9bb89229","source":"security@huntr.dev","tags":["Exploit","Third Party Advisory"]}]}}]}