CVE-2026-48797

Backpropagate is a Python library for fine-tuning LLMs on a single GPU. In versions 1.1.0 and 1.1.1, the Reflex web UI exposes a training control plane without authentication, allowing dataset upload, model load, training control, multi-run orchestration, GGUF export, and HuggingFace Hub push. Th...

Cross-Site Scripting (XSS)

CKAN is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient sanitization of user-supplied input in the helpers.markdownextract function before it is wrapped in an HTML literal element, which allows an attacker to inject and execute malicious scripts on dataset,...

CVE-2026-42558

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnerability chain consisting of Stored XSS and Iframe Sandbox escape in the Xibo CMS allows users with DataSet permissions to use the Data Connector...

CVE-2026-42558 Xibo Vulnerable to Stored XSS and Iframe Sandbox Escape via Data Connector Script in DataSet

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnerability chain consisting of Stored XSS and Iframe Sandbox escape in the Xibo CMS allows users with DataSet permissions to use the Data Connector...

Bridging the Smart City Cybersecurity Data Gap through AI-Driven Synthetic Dataset Generation

Smart cities rely on interconnected cyber-physical systems that integrate sensors, IoT devices, cloud platforms, and AI-driven services and decision-making. While these systems enhance city services, they also introduce complex cybersecurity challenges due to their large attack surfaces,...

Mind Your Key: An Empirical Study of LLM API Credential Leakage in IOS Apps

The rapid integration of large language models LLMs into mobile applications has introduced a new class of credential security risk: leaked credentials that grant unauthorized access to LLM inference services, causing financial damage to developers. Prior work on credential leakage has focused...

Categorical Robustness Assessment for Machine Learning Based Network Intrusion Detection Systems

Network Intrusion Detection Systems NIDS heavily utlize Machine Learning ML but ML models can be manipulated via adversarial attacks. These attacks add carefully crafted perturbations to network traffic data that leads to misclassifications. While prior work has demonstrated adversarial...

CVE-2026-46477

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2...

On the Study of Biometric Spoofing Detection Using Deep Learning

Biometric systems are increasingly deployed in security applications; however, they remain vulnerable to spoofing attacks, in which attackers exploit counterfeit biometric data to gain unauthorized access. This research evaluates the effectiveness of state-of-the-art machine learning models,...

CVE-2026-46477

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2...

CVE-2026-46478

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This issue has been patched in version 3.1.2...

CVE-2026-46477

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2...

CVE-2026-46477 Flowise: Dataset create+update mass-assignment allows cross-workspace dataset takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2...

EUVD-2026-35114

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2...

CVE-2026-46477 Flowise: Dataset create+update mass-assignment allows cross-workspace dataset takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2...

CVE-2026-46477

FlowiseAI’s CVE-2026-46477 describes a mass-assignment vulnerability in the dataset service prior to version 3.1.2. The code uses Object.assign to copy the request body into a new Dataset for create and update, allowing client-controlled fields such as workspaceId and id to overwrite persisted va...

CVE-2026-10803

A flaw was found in MLflow. This vulnerability stems from the use of a weak hash algorithm within the Dataset Digest Computation component. A local attacker could potentially exploit this weakness, which may impact the integrity or authenticity of data. Exploitation is considered difficult due to...

Unveiling Privacy Risks in Multi-Modal Large Language Models: Task-Specific Vulnerabilities and Mitigation Challenges

Privacy risks in text-only Large Language Models LLMs are well studied, particularly their tendency to memorize and leak sensitive information. However, Multi-modal Large Language Models MLLMs, which process both text and images, introduce unique privacy challenges that remain underexplored...

Flowise 安全漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.2 contained a security vulnerability, which stemmed from issues with batch assignment during dataset creation and updating. This vulnerability could lead to...

Flowise 安全漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.2 contained a security vulnerability, which stemmed from issues with batch assignment during the creation and updating of DatasetRows. This vulnerability could le...