VulStyle: A Multi-Modal Pre-Training for Code Stylometry-Augmented Vulnerability Detection

We present VulStyle, a multi-modal software vulnerability detection model that jointly encodes function-level source code, non-terminal Abstract Syntax Tree AST structure, and code stylometry CStyle features. Prior work in code representation primarily leverages token-level models or full AST...

GHSA-Q882-JC55-6343 kaggle-mcp has a Path Traversal issue

A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function preparekaggledataset of the file src/kagglemcp/server.py. The manipulation of the argument competitionid leads to path traversal. The attack is possible t...

Directory Traversal

Overview kaggle-mcp is an A MCP server for kaggle apis Affected versions of this package are vulnerable to Directory Traversal via the preparekaggledataset function in src/kagglemcp/server.py when processing the competitionid argument. An attacker can access arbitrary files on the server by...

kaggle-mcp has a Path Traversal issue

A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function preparekaggledataset of the file src/kagglemcp/server.py. The manipulation of the argument competitionid leads to path traversal. The attack is possible t...

CVE-2026-7149

A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function preparekaggledataset of the file src/kagglemcp/server.py. The manipulation of the argument competitionid leads to path traversal. The attack is possible t...

CVE-2026-7149

CVE-2026-7149 affects dexhunter kaggle-mcp: path traversal vulnerability in src/kaggle_mcp/server.py::prepare_kaggle_dataset caused by manipulating the competition_id. Attack is remote and publicly disclosed; no explicit affected version details can be given due to rolling-release policy. Project...

CVE-2026-7149 dexhunter kaggle-mcp server.py prepare_kaggle_dataset path traversal

A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function preparekaggledataset of the file src/kagglemcp/server.py. The manipulation of the argument competitionid leads to path traversal. The attack is possible t...

CVE-2026-7149

A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function preparekaggledataset of the file src/kagglemcp/server.py. The manipulation of the argument competitionid leads to path traversal. The attack is possible t...

EUVD-2026-25911

A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function preparekaggledataset of the file src/kagglemcp/server.py. The manipulation of the argument competitionid leads to path traversal. The attack is possible t...

CVE-2026-7149 dexhunter kaggle-mcp server.py prepare_kaggle_dataset path traversal

A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function preparekaggledataset of the file src/kagglemcp/server.py. The manipulation of the argument competitionid leads to path traversal. The attack is possible t...

kaggle-mcp MCP server 路径遍历漏洞

Kaggle-mcp MCP server is a MCP server tool developed by Dex’s individual developers for Kaggle APIs. The kaggle-mcp MCP server has a path traversal vulnerability. This vulnerability stems from improper handling of the competitionid parameter in the preparekaggledataset function located in the...

PT-2026-35516

A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function prepare kaggle dataset of the file src/kaggle mcp/server.py. The manipulation of the argument competition id leads to path traversal. The attack is possib...

Scalable and Verifiable Federated Learning for Cross-Institution Financial Fraud Detection

The global financial ecosystem confronts a critical asymmetry: while fraud syndicates operate as borderless, distributed networks, banking institutions remain constrained by regulatory data silos, limiting visibility into cross-institutional threat patterns under strict privacy laws such as GDPR...

CVE-2026-31955

Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery SSRF vulnerability in versions prior to 4.4.1 allows users with DataSet permissions to make arbitrary HTTP requests from the CMS...

CVE-2026-31952

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Versions 1.7 through 4.4.0 have an SQL injection vulnerability in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to to...

CVE-2026-31955 Xibo CMS has Authenticated Server-Side Request Forgery (SSRF) in Remote DataSet Functionality

Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery SSRF vulnerability in versions prior to 4.4.1 allows users with DataSet permissions to make arbitrary HTTP requests from the CMS...

CVE-2026-31955

CVE-2026-31955 affects Xibo CMS prior to 4.4.1. An authenticated SSRF vulnerability in the remote DataSet functionality allows users with DataSet permissions (and the privilege to add DataSets to Layouts) to cause the CMS server to issue arbitrary HTTP requests to internal or external resources. ...

CVE-2026-31955 Xibo CMS has Authenticated Server-Side Request Forgery (SSRF) in Remote DataSet Functionality

Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery SSRF vulnerability in versions prior to 4.4.1 allows users with DataSet permissions to make arbitrary HTTP requests from the CMS...

EUVD-2026-25366

Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery SSRF vulnerability in versions prior to 4.4.1 allows users with DataSet permissions to make arbitrary HTTP requests from the CMS...

CVE-2026-31955

Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery SSRF vulnerability in versions prior to 4.4.1 allows users with DataSet permissions to make arbitrary HTTP requests from the CMS...