981 matches found
CVE-2026-7681
A security vulnerability has been detected in jsbroks COCO Annotator up to 0.11.1. Affected by this vulnerability is an unknown functionality of the file backend/webserver/api/datasets.py of the component Dataset API. The manipulation of the argument DatasetId leads to authorization bypass. The...
CVE-2026-7681
The CVE-2026-7681 entry concerns jsbroks COCO Annotator (up to version 0.11.1). The vulnerability affects the Dataset API’s datasets.py (backend/webserver/api/datasets.py) where manipulation of the DatasetId argument bypasses authorization. Impact is described as potential remote exploitation wit...
CVE-2026-7681 jsbroks COCO Annotator Dataset API datasets.py authorization
A security vulnerability has been detected in jsbroks COCO Annotator up to 0.11.1. Affected by this vulnerability is an unknown functionality of the file backend/webserver/api/datasets.py of the component Dataset API. The manipulation of the argument DatasetId leads to authorization bypass. The...
CVE-2026-7681 jsbroks COCO Annotator Dataset API datasets.py authorization
A security vulnerability has been detected in jsbroks COCO Annotator up to 0.11.1. Affected by this vulnerability is an unknown functionality of the file backend/webserver/api/datasets.py of the component Dataset API. The manipulation of the argument DatasetId leads to authorization bypass. The...
PT-2026-36683
A security vulnerability has been detected in jsbroks COCO Annotator up to 0.11.1. Affected by this vulnerability is an unknown functionality of the file backend/webserver/api/datasets.py of the component Dataset API. The manipulation of the argument DatasetId leads to authorization bypass. The...
VulKey: Automated Vulnerability Repair Guided by Domain-Specific Repair Patterns
The increasing prevalence of software vulnerabilities highlights the need for effective Automatic Vulnerability Repair AVR tools. While LLM-based approaches are promising, they struggle to incorporate structured security knowledge from sources like CWE and NVD. Current methods either use this...
COCO Annotator 授权问题漏洞
COCO Annotator is a web-based image annotation tool developed by Justin Brooks. It aims to provide versatility and efficient image annotation. Versions of COCO Annotator prior to 0.11.1 contained an authorization vulnerability. This vulnerability stemmed from an unknown feature in the Dataset API...
CVE-2026-40904 Chartbrew: Incorrect Access Control in dataset and dataRequest routes via team-scoped permission checks
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest endpoints that authorize low-privileged project members at the team level instead of binding the...
EUVD-2026-26411
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest endpoints that authorize low-privileged project members at the team level instead of binding the...
CVE-2026-40904
Chartbrew CVE-2026-40904 affects Chartbrew 4.9.0, where dataset and dataRequest endpoints incorrectly authorize at the team level rather than binding the requested dataset_id, dataRequest_id, and connection_id to the caller’s allowed projects. This enables a user with access to one project inside...
TwinGate: Stateful Defense against Decompositional Jailbreaks in Untraceable Traffic Via Asymmetric Contrastive Learning
Decompositional jailbreaks pose a critical threat to large language models LLMs by allowing adversaries to fragment a malicious objective into a sequence of individually benign queries that collectively reconstruct prohibited content. In real-world deployments, LLMs face a continuous, untraceable...
RoboKA: KAN Informed Multimodal Learning for RoboCall Surveillance System
Wide exploration on robocall surveillance research is hindered due to limited access to public datasets, due to privacy concerns. In this work, we first curate Robo-SAr, a synthetic robocall dataset designed for robocall surveillance research. Robo-SAr comprises of 200 unwanted and 1200 legitimat...
chartbrew 访问控制错误漏洞
Chartbrew is an open-source data visualization and dashboard-building tool developed by Chartbrew. Version 4.9.0 of Chartbrew contains a access control vulnerability. This vulnerability arises from the fact that multiple dataset and data request endpoints are authorized only to project members wi...
VulStyle: A Multi-Modal Pre-Training for Code Stylometry-Augmented Vulnerability Detection
We present VulStyle, a multi-modal software vulnerability detection model that jointly encodes function-level source code, non-terminal Abstract Syntax Tree AST structure, and code stylometry CStyle features. Prior work in code representation primarily leverages token-level models or full AST...
Formulating Subgroup Discovery As a Quantum Optimization Problem for Network Security
While current network intrusion detection systems achieve satisfactory accuracy, they often lack explainability. Subgroup Discovery SD addresses this by building interpretable rules that characterize feature interactions associated with attack traffic. With large datasets, classical heuristic bea...
GHSA-Q882-JC55-6343 kaggle-mcp has a Path Traversal issue
A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function preparekaggledataset of the file src/kagglemcp/server.py. The manipulation of the argument competitionid leads to path traversal. The attack is possible t...
kaggle-mcp has a Path Traversal issue
A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function preparekaggledataset of the file src/kagglemcp/server.py. The manipulation of the argument competitionid leads to path traversal. The attack is possible t...
Directory Traversal
Overview kaggle-mcp is an A MCP server for kaggle apis Affected versions of this package are vulnerable to Directory Traversal via the preparekaggledataset function in src/kagglemcp/server.py when processing the competitionid argument. An attacker can access arbitrary files on the server by...
CVE-2026-7149
A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function preparekaggledataset of the file src/kagglemcp/server.py. The manipulation of the argument competitionid leads to path traversal. The attack is possible t...
EUVD-2026-25911
A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function preparekaggledataset of the file src/kagglemcp/server.py. The manipulation of the argument competitionid leads to path traversal. The attack is possible t...