333 matches found
CVE-2026-50530 DataEase: Token with Overly Broad Privileges in Share Mode: Access to Unshared Datasets
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a share mode chart data interface only validates that sceneId matches the resourceId in the link token and fails to validate whether tableId and field IDs in the request body belong to the shared resource, allowing...
CVE-2026-48957 Joomla! Core - [20260711] - Incorrect Access Control in com_privacy webservice endpoints
An improper access check allows unauthorized users to access comprivacy datasets...
CVE-2026-48957
The CVE-2026-48957 entry concerns Joomla! Core – specifically the com_privacy webservice endpoints. The connected documents describe an improper access check that allows unauthorized users to access com_privacy datasets, indicating a flaw in access control at the webservice layer. The affected co...
CVE-2026-48957
An improper access check allows unauthorized users to access comprivacy datasets...
EUVD-2026-42064
An improper access check allows unauthorized users to access comprivacy datasets...
UBUNTU-CVE-2026-12480
Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the H5IOStore.verifydataset and fileeditor.py methods, which fail to check the dataset.isvirtual property of HDF5 datasets. This allows ...
CVE-2026-12480
Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the H5IOStore.verifydataset and fileeditor.py methods, which fail to check the dataset.isvirtual property of HDF5 datasets. This allows ...
EUVD-2026-41090
Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the H5IOStore.verifydataset and fileeditor.py methods, which fail to check the dataset.isvirtual property of HDF5 datasets. This allows ...
CVE-2026-12480
Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the H5IOStore.verifydataset and fileeditor.py methods, which fail to check the dataset.isvirtual property of HDF5 datasets. This allows ...
PT-2026-54620
Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the H5IOStore. verify dataset and file editor.py methods, which fail to check the dataset.is virtual property of HDF5 datasets. This...
PYSEC-2026-291 Backpropagate: backprop ui --auth and backprop ui --share do not enforce authentication
Summary In backpropagate = 1.1.0, the optional Reflex web UI pip install backpropagateui, launched via backprop ui exposes a training control plane: dataset upload, model load, training start/stop, multi-run orchestration, GGUF export, and HuggingFace Hub push. The CLI accepts two operator-facing...
CVE-2026-10804
A flaw was found in Streamlit, within its Palette Handler component. This vulnerability stems from the use of a weak hashing algorithm. A local attacker could exploit this flaw, though it requires a high level of technical complexity. Successful exploitation may lead to a low impact on the...
EUVD-2026-39562
The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join without sanitization, allowing file writes to arbitrary paths...
CVE-2026-48797
Backpropagate is a Python library for fine-tuning large language models on a single GPU. In versions 1.1.0 and 1.1.1, the optional Reflex web UI exposes a training control plane without authentication: dataset upload, model load, training start/stop, multi-run orchestration, GGUF export, and...
[20260711] - Core - Incorrect Access Control in com_privacy webservice endpoints
An improper access check allows unauthorized users to access comprivacy datasets...
Turn specs into evals for any agent with ASSERT
Today, we’re releasing Adaptive Spec-driven Scoring for Evaluation and Regression Testing ASSERT, an open-source framework for turning natural-language behavior specifications into executable evaluations. Every team building an AI system starts with a clear intention for the behaviors they want t...
NCMD: Benign-Anchored Feature Selection for Imbalanced Network Intrusion Detection
Feature selection is critical for network intrusion detection systems NIDS operating under high-dimensional, highly imbalanced traffic, as found in operational and defense networks. Traditional filter methods rank features using global statistics computed symmetrically across classes and thus fai...
CVE-2026-40904
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest endpoints that authorize low-privileged project members at the team level instead of binding the...
FDM: A Framework for Decision-Making to Build ML-Based Malware Detection Systems
Selecting appropriate machine learning ML configurations for malware detection is a complex, multi-criteria problem. Model choice, feature engineering, and update mechanisms must jointly satisfy operational constraints that vary across deployment contexts. This paper proposes the Framework for...
Operationalizing Cyber Attack Prediction: A Gap-Prioritized Framework with Dataset and Model Selection Guidelines
While AI and machine learning for cyber attack prediction have advanced, a critical gap persists between theoretical research and practical operational deployment. Building on Ankalaki et al. 2025, this paper provides a comprehensive analysis of 150+ benchmark datasets and 200+ studies to identif...