Lucene search
K

981 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.10 views

CVE-2026-7149

A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function preparekaggledataset of the file src/kagglemcp/server.py. The manipulation of the argument competitionid leads to path traversal. The attack is possible t...

7.5CVSS6.5AI score0.00411EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.10 views

CVE-2026-33083

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoints including /de2api/datasetData/enumValueDs and /de2api/datasetTree/exportDataset. The Order2SQLOb...

8.8CVSS5.7AI score0.00328EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.8 views

CVE-2026-33082

DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST /de2api/datasetTree/exportDataset is deserialized into a filtering object and passed to...

9.8CVSS5.8AI score0.00325EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.10 views

CVE-2026-31952

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Versions 1.7 through 4.4.0 have an SQL injection vulnerability in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to to...

8.1CVSS5.8AI score0.00246EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 8:52 a.m.9 views

BIT-MLFLOW-2026-10803 MLflow Dataset Digest Computation digest_utils.py mlflow.data.digest_utils weak hash

A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digestutils of the file mlflow/data/digestutils.py of the component Dataset Digest Computation. This manipulation causes use of weak hash. It is possible to launch the attack on the local host. The attack is...

3.6CVSS4.7AI score0.00103EPSS
Exploits1References8
Packet Storm News
Packet Storm News
added 2026/06/05 12:0 a.m.10 views

Empirical Evaluation of Large Language Models for Migration of Code Fragments to Post-Quantum Cryptography

The transition to post-quantum cryptography PQC requires not only replacing vulnerable cryptographic primitives, but also refactoring the surrounding software logic. While existing PQC migration frameworks provide organizational guidance, practical code-level remediation remains largely manual an...

5.6AI score
Exploits0
Cvelist
Cvelist
added 2026/06/04 7:28 p.m.34 views

CVE-2026-41518 Chartbrew has a stored DOM XSS via Chart Tooltip innerHTML (ChartDatasetConfig.legend)

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...

7.6CVSS0.002EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 7:28 p.m.10 views

CVE-2026-41518

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...

7.6CVSS6AI score0.002EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/04 7:28 p.m.12 views

CVE-2026-41518 Chartbrew has a stored DOM XSS via Chart Tooltip innerHTML (ChartDatasetConfig.legend)

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...

7.6CVSS5.8AI score0.002EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 7:28 p.m.30 views

CVE-2026-41518

Chartbrew (versions 4.9.0–5.0.0) is affected by a stored DOM XSS in the ChartTooltip rendering path. An authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in ChartDatasetConfig.legend, which is persisted and injected into the tooltip via an unguarded innerHTML ...

7.6CVSS6AI score0.002EPSS
Exploits0References1
OSV
OSV
added 2026/06/04 12:16 p.m.12 views

PYSEC-2026-195

A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digestutils of the file mlflow/data/digestutils.py of the component Dataset Digest Computation. This manipulation causes use of weak hash. It is possible to launch the attack on the local host. The attack is...

2CVSS4.7AI score0.00103EPSS
Exploits1References7
PyPA
PyPA
added 2026/06/04 12:16 p.m.10 views

PYSEC-0000-CVE-2026-10803

A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digestutils of the file mlflow/data/digestutils.py of the component Dataset Digest Computation. This manipulation causes use of weak hash. It is possible to launch the attack on the local host. The attack is...

3.6CVSS4.7AI score0.00103EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2026/06/04 12:16 p.m.12 views

PYSEC-2026-195

A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digestutils of the file mlflow/data/digestutils.py of the component Dataset Digest Computation. This manipulation causes use of weak hash. It is possible to launch the attack on the local host. The attack is...

3.6CVSS4.7AI score0.00103EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2026/06/04 11:45 a.m.45 views

CVE-2026-10803 MLflow Dataset Digest Computation digest_utils.py mlflow.data.digest_utils weak hash

A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digestutils of the file mlflow/data/digestutils.py of the component Dataset Digest Computation. This manipulation causes use of weak hash. It is possible to launch the attack on the local host. The attack is...

3.6CVSS0.00103EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:45 a.m.10 views

CVE-2026-10803

A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digestutils of the file mlflow/data/digestutils.py of the component Dataset Digest Computation. This manipulation causes use of weak hash. It is possible to launch the attack on the local host. The attack is...

3.6CVSS5.1AI score0.00103EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/06/04 11:45 a.m.8 views

CVE-2026-10803 MLflow Dataset Digest Computation digest_utils.py mlflow.data.digest_utils weak hash

A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digestutils of the file mlflow/data/digestutils.py of the component Dataset Digest Computation. This manipulation causes use of weak hash. It is possible to launch the attack on the local host. The attack is...

3.6CVSS5.1AI score0.00103EPSS
Exploits1References7
EUVD
EUVD
added 2026/06/04 11:45 a.m.12 views

EUVD-2026-34245

A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digestutils of the file mlflow/data/digestutils.py of the component Dataset Digest Computation. This manipulation causes use of weak hash. It is possible to launch the attack on the local host. The attack is...

3.6CVSS5.1AI score0.00103EPSS
Exploits1References7
CVE
CVE
added 2026/06/04 11:45 a.m.36 views

CVE-2026-10803

MLflow up to 3.10.0 contains a flaw in mlflow.data.digest_utils (Digest Computation) where manipulation leads to use of a weak hash. This affects the Digest Utils function in the Dataset Digest Computation component and enables a local attack. The reported exploitability is high in complexity wit...

3.6CVSS5.1AI score0.00103EPSS
Exploits1References7Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46317

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...

7.6CVSS6AI score0.002EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/06/04 12:0 a.m.16 views

Explainable AI-Driven Cyber Risk Analytics and Model Reliability Assessment for Intelligent Governance of U.S. Critical Infrastructure: An XGBoost and SHAP-Based Intrusion Detection Framework

The increasing penetrations of the critical infrastructure sector in the United States with intelligent digital technologies have greatly increased exposure to advanced cyber adversaries and operational vulnerabilities. AI-powered governance and automated decision-making systems are becoming a ke...

5.6AI score
Exploits0
Rows per page
Query Builder