CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

NVD•added 2026/06/12 5:16 p.m.•14 views

CVE-2026-3840

A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The getversionedpath method in kedro/io/core.py directly interpolates user-supplied version strings into filesystem paths without sanitization. This enables an attacker to...

7.1CVSS0.00186EPSS

Exploits1References1

EUVD•added 2026/06/12 3:45 p.m.•7 views

EUVD-2026-36497

7.1CVSS7.2AI score0.00186EPSS

Exploits1References1

Vulnrichment•added 2026/06/12 3:45 p.m.•10 views

CVE-2026-3840 Path Traversal in kedro-org/kedro

7.1CVSS7.2AI score0.00186EPSS

Exploits1References1

CVE•added 2026/06/12 3:45 p.m.•12 views

CVE-2026-3840

CVE-2026-3840 affects Kedro 1.2.0 and allows path traversal via unsanitized version strings. The vulnerability stems from _get_versioned_path() interpolating user-supplied version strings into filesystem paths and from _split_load_versions() not validating versions, making it possible to escape t...

7.1CVSS7.2AI score0.00186EPSS

Exploits1References1Affected Software1

Cvelist•added 2026/06/12 3:45 p.m.•26 views

CVE-2026-3840 Path Traversal in kedro-org/kedro

7.1CVSS0.00186EPSS

Exploits1References1

Positive Technologies•added 2026/06/12 12:0 a.m.•13 views

PT-2026-48927

A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The get versioned path method in kedro/io/core.py directly interpolates user-supplied version strings into filesystem paths without sanitization. This enables an attacker to...

7.1CVSS7.1AI score0.00186EPSS

Exploits1References2

PyPA•added 2026/04/06 6:16 p.m.•6 views

PYSEC-2026-71

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences...

8.1CVSS5.8AI score0.00327EPSS

Exploits0References2Affected Software1

ATTACKERKB•added 2026/04/06 5:43 p.m.•2 views

CVE-2026-35167

7.1CVSS5.9AI score0.00327EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/04/06 5:43 p.m.•1 views

CVE-2026-35167 Kedro has a path traversal in versioned dataset loading via unsanitized version string

7.1CVSS5.9AI score0.00327EPSS

Exploits0References2

Github Security Blog•added 2026/04/03 3:46 a.m.•6 views

Kedro: Path Traversal in versioned dataset loading via unsanitized version string

Impact The getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences such as ../ are preserved and can escape the intended versioned...

8.1CVSS5.9AI score0.00327EPSS

Exploits0References5Affected Software1

Positive Technologies•added 2026/04/03 12:0 a.m.•5 views

PT-2026-30018

Impact The get versioned path method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences such as ../ are preserved and can escape the intended version...

7.1CVSS5.9AI score0.00327EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by