Lucene search
K

981 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/03 5:0 a.m.7 views

CVE-2026-7681

A security vulnerability has been detected in jsbroks COCO Annotator up to 0.11.1. Affected by this vulnerability is an unknown functionality of the file backend/webserver/api/datasets.py of the component Dataset API. The manipulation of the argument DatasetId leads to authorization bypass. The...

6.9CVSS6.2AI score0.00455EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/03 5:0 a.m.27 views

CVE-2026-7681

The CVE-2026-7681 entry concerns jsbroks COCO Annotator (up to version 0.11.1). The vulnerability affects the Dataset API’s datasets.py (backend/webserver/api/datasets.py) where manipulation of the DatasetId argument bypasses authorization. Impact is described as potential remote exploitation wit...

6.9CVSS6.2AI score0.00455EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/03 5:0 a.m.5 views

CVE-2026-7681 jsbroks COCO Annotator Dataset API datasets.py authorization

A security vulnerability has been detected in jsbroks COCO Annotator up to 0.11.1. Affected by this vulnerability is an unknown functionality of the file backend/webserver/api/datasets.py of the component Dataset API. The manipulation of the argument DatasetId leads to authorization bypass. The...

6.9CVSS6.2AI score0.00455EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/03 5:0 a.m.41 views

CVE-2026-7681 jsbroks COCO Annotator Dataset API datasets.py authorization

A security vulnerability has been detected in jsbroks COCO Annotator up to 0.11.1. Affected by this vulnerability is an unknown functionality of the file backend/webserver/api/datasets.py of the component Dataset API. The manipulation of the argument DatasetId leads to authorization bypass. The...

6.9CVSS0.00455EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/03 12:0 a.m.12 views

PT-2026-36683

A security vulnerability has been detected in jsbroks COCO Annotator up to 0.11.1. Affected by this vulnerability is an unknown functionality of the file backend/webserver/api/datasets.py of the component Dataset API. The manipulation of the argument DatasetId leads to authorization bypass. The...

6.9CVSS6.2AI score0.00455EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2026/05/03 12:0 a.m.6 views

VulKey: Automated Vulnerability Repair Guided by Domain-Specific Repair Patterns

The increasing prevalence of software vulnerabilities highlights the need for effective Automatic Vulnerability Repair AVR tools. While LLM-based approaches are promising, they struggle to incorporate structured security knowledge from sources like CWE and NVD. Current methods either use this...

5.9AI score
Exploits0
CNNVD
CNNVD
added 2026/05/03 12:0 a.m.9 views

COCO Annotator 授权问题漏洞

COCO Annotator is a web-based image annotation tool developed by Justin Brooks. It aims to provide versatility and efficient image annotation. Versions of COCO Annotator prior to 0.11.1 contained an authorization vulnerability. This vulnerability stemmed from an unknown feature in the Dataset API...

6.9CVSS6.5AI score0.00455EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/30 6:20 p.m.30 views

CVE-2026-40904 Chartbrew: Incorrect Access Control in dataset and dataRequest routes via team-scoped permission checks

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest endpoints that authorize low-privileged project members at the team level instead of binding the...

8.1CVSS0.00235EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/30 6:20 p.m.5 views

EUVD-2026-26411

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest endpoints that authorize low-privileged project members at the team level instead of binding the...

8.1CVSS5.3AI score0.00235EPSS
Exploits0References2
CVE
CVE
added 2026/04/30 6:20 p.m.18 views

CVE-2026-40904

Chartbrew CVE-2026-40904 affects Chartbrew 4.9.0, where dataset and dataRequest endpoints incorrectly authorize at the team level rather than binding the requested dataset_id, dataRequest_id, and connection_id to the caller’s allowed projects. This enables a user with access to one project inside...

8.1CVSS5.4AI score0.00235EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/04/30 12:0 a.m.11 views

TwinGate: Stateful Defense against Decompositional Jailbreaks in Untraceable Traffic Via Asymmetric Contrastive Learning

Decompositional jailbreaks pose a critical threat to large language models LLMs by allowing adversaries to fragment a malicious objective into a sequence of individually benign queries that collectively reconstruct prohibited content. In real-world deployments, LLMs face a continuous, untraceable...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/30 12:0 a.m.9 views

RoboKA: KAN Informed Multimodal Learning for RoboCall Surveillance System

Wide exploration on robocall surveillance research is hindered due to limited access to public datasets, due to privacy concerns. In this work, we first curate Robo-SAr, a synthetic robocall dataset designed for robocall surveillance research. Robo-SAr comprises of 200 unwanted and 1200 legitimat...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.10 views

chartbrew 访问控制错误漏洞

Chartbrew is an open-source data visualization and dashboard-building tool developed by Chartbrew. Version 4.9.0 of Chartbrew contains a access control vulnerability. This vulnerability arises from the fact that multiple dataset and data request endpoints are authorized only to project members wi...

8.1CVSS5.8AI score0.00235EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/04/29 12:0 a.m.11 views

VulStyle: A Multi-Modal Pre-Training for Code Stylometry-Augmented Vulnerability Detection

We present VulStyle, a multi-modal software vulnerability detection model that jointly encodes function-level source code, non-terminal Abstract Syntax Tree AST structure, and code stylometry CStyle features. Prior work in code representation primarily leverages token-level models or full AST...

5.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/29 12:0 a.m.7 views

Formulating Subgroup Discovery As a Quantum Optimization Problem for Network Security

While current network intrusion detection systems achieve satisfactory accuracy, they often lack explainability. Subgroup Discovery SD addresses this by building interpretable rules that characterize feature interactions associated with attack traffic. With large datasets, classical heuristic bea...

5.8AI score
Exploits0
OSV
OSV
added 2026/04/27 9:31 p.m.3 views

GHSA-Q882-JC55-6343 kaggle-mcp has a Path Traversal issue

A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function preparekaggledataset of the file src/kagglemcp/server.py. The manipulation of the argument competitionid leads to path traversal. The attack is possible t...

7.3CVSS5.4AI score0.00411EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/27 9:31 p.m.8 views

kaggle-mcp has a Path Traversal issue

A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function preparekaggledataset of the file src/kagglemcp/server.py. The manipulation of the argument competitionid leads to path traversal. The attack is possible t...

7.5CVSS6.7AI score0.00411EPSS
Exploits0References7Affected Software1
Snyk
Snyk
added 2026/04/27 9:31 p.m.10 views

Directory Traversal

Overview kaggle-mcp is an A MCP server for kaggle apis Affected versions of this package are vulnerable to Directory Traversal via the preparekaggledataset function in src/kagglemcp/server.py when processing the competitionid argument. An attacker can access arbitrary files on the server by...

7.5CVSS7.5AI score0.00411EPSS
Exploits0References2
NVD
NVD
added 2026/04/27 7:16 p.m.6 views

CVE-2026-7149

A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function preparekaggledataset of the file src/kagglemcp/server.py. The manipulation of the argument competitionid leads to path traversal. The attack is possible t...

7.5CVSS0.00411EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/27 6:45 p.m.6 views

EUVD-2026-25911

A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function preparekaggledataset of the file src/kagglemcp/server.py. The manipulation of the argument competitionid leads to path traversal. The attack is possible t...

7.5CVSS5.2AI score0.00411EPSS
Exploits0References5
Rows per page
Query Builder