Lucene search
K

995 matches found

CNNVD
CNNVD
added 2026/06/08 12:0 a.m.16 views

Flowise 安全漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.2 contained a security vulnerability, which stemmed from issues with batch assignment during dataset creation and updating. This vulnerability could lead to...

8.8CVSS5.3AI score0.00335EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.8 views

Flowise 安全漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.2 contained a security vulnerability, which stemmed from issues with batch assignment during the creation and updating of DatasetRows. This vulnerability could le...

8.8CVSS5.3AI score0.00342EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/06/08 12:0 a.m.8 views

Secrets Best Not Shared: DNS Privacy Enhancements for the Constrained IoT

Attackers often identify DNS traffic to disrupt or compromise Internet services. While prior work has focused on encrypting queries using DNS over TLS, HTTPS, or QUIC to counter such attacks, we consider IETF protocols designed for resource-constrained IoT devices and empirically analyze the...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/08 12:0 a.m.13 views

The Chronicles of Radio Frequency Fingerprinting

Radio Frequency Fingerprinting RFF has evolved from an early idea for radar emitter identification into a broad research field for wireless device identification and spectrum monitoring for security. Rather than presenting a conventional literature survey, this work provides a critical historical...

5.6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.10 views

CVE-2026-7149

A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function preparekaggledataset of the file src/kagglemcp/server.py. The manipulation of the argument competitionid leads to path traversal. The attack is possible t...

7.5CVSS6.5AI score0.00411EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.10 views

CVE-2026-33083

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoints including /de2api/datasetData/enumValueDs and /de2api/datasetTree/exportDataset. The Order2SQLOb...

8.8CVSS5.7AI score0.00328EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.8 views

CVE-2026-33082

DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST /de2api/datasetTree/exportDataset is deserialized into a filtering object and passed to...

9.8CVSS5.8AI score0.00325EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.10 views

CVE-2026-31952

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Versions 1.7 through 4.4.0 have an SQL injection vulnerability in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to to...

8.1CVSS5.8AI score0.00246EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 8:52 a.m.9 views

BIT-MLFLOW-2026-10803 MLflow Dataset Digest Computation digest_utils.py mlflow.data.digest_utils weak hash

A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digestutils of the file mlflow/data/digestutils.py of the component Dataset Digest Computation. This manipulation causes use of weak hash. It is possible to launch the attack on the local host. The attack is...

3.6CVSS4.7AI score0.00103EPSS
Exploits1References8
Packet Storm News
Packet Storm News
added 2026/06/05 12:0 a.m.10 views

Empirical Evaluation of Large Language Models for Migration of Code Fragments to Post-Quantum Cryptography

The transition to post-quantum cryptography PQC requires not only replacing vulnerable cryptographic primitives, but also refactoring the surrounding software logic. While existing PQC migration frameworks provide organizational guidance, practical code-level remediation remains largely manual an...

5.6AI score
Exploits0
Cvelist
Cvelist
added 2026/06/04 7:28 p.m.34 views

CVE-2026-41518 Chartbrew has a stored DOM XSS via Chart Tooltip innerHTML (ChartDatasetConfig.legend)

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...

7.6CVSS0.002EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 7:28 p.m.10 views

CVE-2026-41518

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...

7.6CVSS6AI score0.002EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/04 7:28 p.m.13 views

CVE-2026-41518 Chartbrew has a stored DOM XSS via Chart Tooltip innerHTML (ChartDatasetConfig.legend)

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...

7.6CVSS5.8AI score0.002EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 7:28 p.m.30 views

CVE-2026-41518

Chartbrew (versions 4.9.0–5.0.0) is affected by a stored DOM XSS in the ChartTooltip rendering path. An authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in ChartDatasetConfig.legend, which is persisted and injected into the tooltip via an unguarded innerHTML ...

7.6CVSS6AI score0.002EPSS
Exploits0References1
OSV
OSV
added 2026/06/04 7:28 p.m.3 views

CVE-2026-41518 Chartbrew has a stored DOM XSS via Chart Tooltip innerHTML (ChartDatasetConfig.legend)

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...

7.6CVSS6.2AI score0.002EPSS
Exploits0References3
PyPA
PyPA
added 2026/06/04 12:16 p.m.10 views

PYSEC-0000-CVE-2026-10803

A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digestutils of the file mlflow/data/digestutils.py of the component Dataset Digest Computation. This manipulation causes use of weak hash. It is possible to launch the attack on the local host. The attack is...

3.6CVSS4.7AI score0.00103EPSS
Exploits1References7Affected Software1
PyPA
PyPA
added 2026/06/04 12:16 p.m.12 views

PYSEC-2026-195

A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digestutils of the file mlflow/data/digestutils.py of the component Dataset Digest Computation. This manipulation causes use of weak hash. It is possible to launch the attack on the local host. The attack is...

3.6CVSS4.7AI score0.00103EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2026/06/04 12:16 p.m.12 views

PYSEC-2026-195

A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digestutils of the file mlflow/data/digestutils.py of the component Dataset Digest Computation. This manipulation causes use of weak hash. It is possible to launch the attack on the local host. The attack is...

2CVSS4.7AI score0.00103EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/06/04 11:45 a.m.8 views

CVE-2026-10803 MLflow Dataset Digest Computation digest_utils.py mlflow.data.digest_utils weak hash

A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digestutils of the file mlflow/data/digestutils.py of the component Dataset Digest Computation. This manipulation causes use of weak hash. It is possible to launch the attack on the local host. The attack is...

3.6CVSS5.1AI score0.00103EPSS
Exploits1References7
EUVD
EUVD
added 2026/06/04 11:45 a.m.12 views

EUVD-2026-34245

A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digestutils of the file mlflow/data/digestutils.py of the component Dataset Digest Computation. This manipulation causes use of weak hash. It is possible to launch the attack on the local host. The attack is...

3.6CVSS5.1AI score0.00103EPSS
Exploits1References7
Rows per page
Query Builder