Lucene search
K

995 matches found

NVD
NVD
added 2026/07/07 10:16 p.m.11 views

CVE-2026-54601

FastGPT is an open source AI knowledge base platform. From 4.14.17 to before 4.15.0-beta4, FastGPT allows an authenticated tenant user to call POST /api/core/dataset/collection/create/reTrainingCollection in a way that persists a server-owned datasetId value from another tenant. This creates mixe...

6.3CVSS0.00246EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/07 9:18 p.m.7 views

CVE-2026-55418

FastGPT is an open source AI knowledge base platform. Prior to v4.15.0-beta5, two FastGPT file handlers authorize an unrelated resource and then sign or read an S3 object using a key taken directly from the request, without checking that the key belongs to the caller's team. Because S3 object key...

8.6CVSS6AI score0.00299EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/07/07 9:16 p.m.13 views

CVE-2026-54601

CVE-2026-54601 affects FastGPT up to 4.15.0-beta4, where an authenticated tenant user can abuse POST /api/core/dataset/collection/create/reTrainingCollection to persist a server-owned datasetId from another tenant. This yields mixed dataset objects and downstream endpoints (dataset, collection, a...

6.3CVSS6AI score0.00246EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/07 9:16 p.m.24 views

CVE-2026-54601 FastGPT: reTrainingCollection allows server-owned datasetId override causing cross-tenant authorization confusion

FastGPT is an open source AI knowledge base platform. From 4.14.17 to before 4.15.0-beta4, FastGPT allows an authenticated tenant user to call POST /api/core/dataset/collection/create/reTrainingCollection in a way that persists a server-owned datasetId value from another tenant. This creates mixe...

6.3CVSS0.00246EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/07 9:16 p.m.7 views

CVE-2026-54601

FastGPT is an open source AI knowledge base platform. From 4.14.17 to before 4.15.0-beta4, FastGPT allows an authenticated tenant user to call POST /api/core/dataset/collection/create/reTrainingCollection in a way that persists a server-owned datasetId value from another tenant. This creates mixe...

6.3CVSS6AI score0.00246EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/07/07 9:16 p.m.5 views

CVE-2026-54601 FastGPT: reTrainingCollection allows server-owned datasetId override causing cross-tenant authorization confusion

FastGPT is an open source AI knowledge base platform. From 4.14.17 to before 4.15.0-beta4, FastGPT allows an authenticated tenant user to call POST /api/core/dataset/collection/create/reTrainingCollection in a way that persists a server-owned datasetId value from another tenant. This creates mixe...

6.3CVSS6AI score0.00246EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:41 p.m.5 views

CVE-2026-50530

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a share mode chart data interface only validates that sceneId matches the resourceId in the link token and fails to validate whether tableId and field IDs in the request body belong to the shared resource, allowing...

7.1CVSS6AI score0.00238EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/07/07 8:41 p.m.14 views

CVE-2026-50530

DataEase prior to version 2.10.24 exposes a vulnerability in the share mode chart data interface. The API path POST /de2api/chartData/getData only validates that sceneId matches the resourceId in the link token and does not verify whether tableId and field IDs in the request body belong to the sh...

7.1CVSS6AI score0.00238EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.6 views

PT-2026-56259

Name of the Vulnerable Software and Affected Versions FastGPT versions 4.14.17 through 4.15.0-beta3 Description An authenticated tenant user can call the 'POST /api/core/dataset/collection/create/reTrainingCollection' endpoint to persist a datasetId value belonging to another tenant. This results...

6.3CVSS6.1AI score0.00246EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/07/03 10:16 a.m.9 views

CVE-2026-12480

A flaw was found in Keras. An attacker can craft a malicious model archive or weights file containing a Virtual Dataset VDS that references external files on a victim's system. When a user loads this malicious model, the external file is transparently read. This vulnerability leads to information...

5.5CVSS5.9AI score0.00127EPSS
Exploits0References5
OSV
OSV
added 2026/07/01 5:16 p.m.5 views

DEBIAN-CVE-2026-12480

Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the H5IOStore.verifydataset and fileeditor.py methods, which fail to check the dataset.isvirtual property of HDF5 datasets. This allows ...

5.5CVSS6.2AI score0.00127EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 4:53 p.m.20 views

CVE-2026-12480

CVE-2026-12480 affects Keras up to 3.13.2. The root cause is an incomplete fix for CVE-2026-1669 in H5IOStore._verify_dataset() and file_editor.py, where the code fails to check the dataset.is_virtual property of HDF5 datasets. This allows an attacker to craft a malicious .keras model archive or ...

5.5CVSS6.2AI score0.00127EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 4:53 p.m.36 views

CVE-2026-12480 Arbitrary HDF5 File Read via Virtual Dataset Bypass in keras-team/keras

Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the H5IOStore.verifydataset and fileeditor.py methods, which fail to check the dataset.isvirtual property of HDF5 datasets. This allows ...

5.5CVSS0.00127EPSS
Exploits0References2
OSV
OSV
added 2026/07/01 4:53 p.m.5 views

CVE-2026-12480 Arbitrary HDF5 File Read via Virtual Dataset Bypass in keras-team/keras

Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the H5IOStore.verifydataset and fileeditor.py methods, which fail to check the dataset.isvirtual property of HDF5 datasets. This allows ...

5.5CVSS6.2AI score0.00127EPSS
Exploits0References4
NVD
NVD
added 2026/07/01 1:17 p.m.6 views

CVE-2026-8387

A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting .zip archives using the ZipFile.extractall method in StorageManager.extracttocache. This issue arises due to the lack of path traversal validation, enabling an attacker to...

2.4CVSS0.00357EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/29 5:16 p.m.33 views

CVE-2026-56782 Gorse - Unauthenticated Database Dump and Restore via /api/dump and /api/restore Endpoints

Gorse before 0.5.10 contains an authentication bypass vulnerability in the /api/dump and /api/restore endpoints that allows unauthenticated attackers to access protected functionality when adminapikey is empty, which is the default configuration. Remote attackers can exfiltrate the entire databas...

9.8CVSS0.03016EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2026/06/29 5:16 p.m.5 views

CVE-2026-56782

Gorse before 0.5.10 contains an authentication bypass vulnerability in the /api/dump and /api/restore endpoints that allows unauthenticated attackers to access protected functionality when adminapikey is empty, which is the default configuration. Remote attackers can exfiltrate the entire databas...

9.8CVSS5.8AI score0.03016EPSS
Exploits2References5
EUVD
EUVD
added 2026/06/29 5:16 p.m.12 views

EUVD-2026-40158

Gorse before 0.5.10 contains an authentication bypass vulnerability in the /api/dump and /api/restore endpoints that allows unauthenticated attackers to access protected functionality when adminapikey is empty, which is the default configuration. Remote attackers can exfiltrate the entire databas...

9.8CVSS5.8AI score0.03016EPSS
Exploits2References4
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-312 Ckan remote code execution and private information access via crafted resource ids

Specific vulnerabilities: Arbitrary file write in resourcecreate and packageupdate actions, using the ResourceUploader object. Also reachable via packagecreate, packagerevise, and packagepatch via calls to packageupdate. Remote code execution via unsafe pickle loading, via Beaker's session store...

9.8CVSS7.9AI score0.01684EPSS
Exploits0References6
OSV
OSV
added 2026/06/26 8:34 p.m.5 views

GHSA-F65R-H4G3-3H9H Backpropagate: backprop ui --auth and backprop ui --share do not enforce authentication

Summary In backpropagate = 1.1.0, the optional Reflex web UI pip install backpropagateui, launched via backprop ui exposes a training control plane: dataset upload, model load, training start/stop, multi-run orchestration, GGUF export, and HuggingFace Hub push. The CLI accepts two operator-facing...

9.3CVSS6.1AI score0.00324EPSS
Exploits0References4
Rows per page
Query Builder