PYSEC-2026-71
Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences...
Kedro: Path Traversal in versioned dataset loading via unsanitized version string
Impact: The getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences such as ../ are preserved and can escape the intended versioned...
CVE-2026-24310
Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute a specific ABAP function module and read sensitive information from the database catalog of the ABAP system. This vulnerability has low impact on the application's confidentialit...
refinance-poc
Refi-Ready POC This project is a Proof-of-Concept for a serve...
EUVD-2023-30087
Malicious code in bioql PyPI...
EUVD-2023-37415
Malicious code in bioql PyPI...
EUVD-2023-30088
Malicious code in bioql PyPI...
EUVD-2023-40271
Malicious code in bioql PyPI...
EUVD-2021-29792
Malicious code in bioql PyPI...
Security Bulletin: IBM Fusion Data Catalog Service is vulnerable to elevated container linux kernel privileges (CVE-2022-0185)
Summary: IBM Fusion's Data Catalog Service containers previously required certain elevated Linux kernel privileges (CVE-2022-0185). Vulnerability Details: CVEID: CVE-2022-0185 DESCRIPTION: A heap-based buffer overflow flaw was found in the way the legacyparseparam function in the Filesystem Context...
Malicious code in data-catalog-api-schema (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-5388 Malicious code in data-catalog-api-schema (npm)
The package communicates with a domain associated with malicious activity...
CVE-2023-36301
Talend Data Catalog before 8.0-20230221 contains a directory traversal vulnerability in HeaderImageServlet...
CVE-2023-33247
Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog serv...
CVE-2023-26264
All versions of Talend Data Catalog before 8.0-20220907 are potentially vulnerable to XML External Entity (XXE) attacks in the license parsing code...
CVE-2023-26263
All versions of Talend Data Catalog before 8.0-20230110 are potentially vulnerable to XML External Entity (XXE) attacks in the /MIMBWebServices/license endpoint of the remote harvesting server...
JetBrains TeamCity Cross-Site Scripting Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A cross-site scripting vulnerability exists in...
PT-2024-29499 · Ckan · Ckan
Name of the Vulnerable Software and Affected Versions: CKAN versions prior to 2.10.5; CKAN versions prior to 2.11.0. Description: CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues with the Solr server, the internal Solr URL...
Malicious code in google-cloud-datacatalog-lineage-producer-client (PyPI)
Source: kam193 73ea760146181d2911e0823c121502506892b2e63d3fc20d6281fb2c86e03de8. Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. Category: PROBABLYPENTES...