Browse all 6 CVE security advisories affecting Allegro.AI. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Allegro.AI develops MLOps platforms for enterprise AI model development and deployment. Historically, their systems have been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, primarily through insecure APIs and insufficient input validation. The company maintains six CVE records, with notable flaws including authentication bypasses and insecure default configurations. Allegro.AI's security posture reflects common challenges in AI/ML tooling, where complex infrastructure and rapid development cycles can introduce risks. While no major public incidents have been documented, their vulnerability history suggests a need for robust security testing in containerized environments and API endpoints to prevent unauthorized access and code execution.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-24594 | Allegro 跨站脚本漏洞 — ClearMLCWE-79 | 9.9 | Critical | 2024-02-06 |
| CVE-2024-24593 | Allegro 跨站请求伪造漏洞 — ClearMLCWE-352 | 9.6 | Critical | 2024-02-06 |
| CVE-2024-24592 | Allegro 授权问题漏洞 — ClearMLCWE-425 | 9.8 | Critical | 2024-02-06 |
| CVE-2024-24591 | Allegro 路径遍历漏洞 — ClearMLCWE-22 | 8.0 | High | 2024-02-06 |
| CVE-2024-24590 | Allegro 代码问题漏洞 — ClearMLCWE-502 | 8.0 | High | 2024-02-06 |
| CVE-2024-24595 | Allegro AI ClearML 安全漏洞 — ClearMLCWE-522 | 6.0 | Medium | 2024-02-05 |
This page lists every published CVE security advisory associated with Allegro.AI. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.