Lucene search
K

338 matches found

Cvelist
Cvelist
added 2026/07/07 8:41 p.m.28 views

CVE-2026-50530 DataEase: Token with Overly Broad Privileges in Share Mode: Access to Unshared Datasets

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a share mode chart data interface only validates that sceneId matches the resourceId in the link token and fails to validate whether tableId and field IDs in the request body belong to the shared resource, allowing...

7.1CVSS0.00238EPSS
Exploits0References3
OSV
OSV
added 2026/07/07 8:41 p.m.5 views

CVE-2026-50530 DataEase: Token with Overly Broad Privileges in Share Mode: Access to Unshared Datasets

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a share mode chart data interface only validates that sceneId matches the resourceId in the link token and fails to validate whether tableId and field IDs in the request body belong to the shared resource, allowing...

7.1CVSS6AI score0.00238EPSS
Exploits0References5
OSV
OSV
added 2026/07/07 7:16 p.m.2 views

CVE-2026-48957

An improper access check allows unauthorized users to access comprivacy datasets...

8.8CVSS6.1AI score
Exploits0References1
NVD
NVD
added 2026/07/07 7:16 p.m.11 views

CVE-2026-48957

An improper access check allows unauthorized users to access comprivacy datasets...

8.8CVSS0.0024EPSS
Exploits0References1
CVE
CVE
added 2026/07/07 5:30 p.m.13 views

CVE-2026-48957

CVE-2026-48957 affects Joomla! Core; the issue is an improper access control in the com_privacy webservice endpoints, enabling unauthorized users to access com_privacy datasets. Multiple sources (NVD entry and CVE records from CIRCL, CVE List, and Joomla security centre) describe the root cause a...

8.8CVSS6AI score0.0024EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/07 5:30 p.m.6 views

CVE-2026-48957

An improper access check allows unauthorized users to access comprivacy datasets...

6.4CVSS6AI score0.0024EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/07/07 5:30 p.m.7 views

CVE-2026-48957 Joomla! Core - [20260711] - Incorrect Access Control in com_privacy webservice endpoints

An improper access check allows unauthorized users to access comprivacy datasets...

6.4CVSS6AI score0.0024EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/07 5:30 p.m.6 views

EUVD-2026-42064

An improper access check allows unauthorized users to access comprivacy datasets...

6.4CVSS6AI score0.0024EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.10 views

PT-2026-56230

Name of the Vulnerable Software and Affected Versions Joomla! Core affected versions not specified Description An improper access check allows unauthorized users to access datasets within the com privacy webservice endpoints. Recommendations At the moment, there is no information about a newer...

8.8CVSS6.1AI score0.0024EPSS
Exploits0References5
NVD
NVD
added 2026/07/01 5:16 p.m.8 views

CVE-2026-12480

Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the H5IOStore.verifydataset and fileeditor.py methods, which fail to check the dataset.isvirtual property of HDF5 datasets. This allows ...

5.5CVSS0.00127EPSS
Exploits0References2
OSV
OSV
added 2026/07/01 5:16 p.m.4 views

UBUNTU-CVE-2026-12480

Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the H5IOStore.verifydataset and fileeditor.py methods, which fail to check the dataset.isvirtual property of HDF5 datasets. This allows ...

5.5CVSS5.9AI score0.00127EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/01 4:53 p.m.8 views

EUVD-2026-41090

Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the H5IOStore.verifydataset and fileeditor.py methods, which fail to check the dataset.isvirtual property of HDF5 datasets. This allows ...

7.5CVSS6.2AI score0.00298EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:53 p.m.7 views

CVE-2026-12480

Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the H5IOStore.verifydataset and fileeditor.py methods, which fail to check the dataset.isvirtual property of HDF5 datasets. This allows ...

5.5CVSS6.2AI score0.00127EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-54620

Keras versions up to and including 3.13.2 are vulnerable to an arbitrary HDF5 file read due to an incomplete fix for CVE-2026-1669. The vulnerability resides in the H5IOStore. verify dataset and file editor.py methods, which fail to check the dataset.is virtual property of HDF5 datasets. This...

5.5CVSS6.2AI score0.00127EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-291 Backpropagate: backprop ui --auth and backprop ui --share do not enforce authentication

Summary In backpropagate = 1.1.0, the optional Reflex web UI pip install backpropagateui, launched via backprop ui exposes a training control plane: dataset upload, model load, training start/stop, multi-run orchestration, GGUF export, and HuggingFace Hub push. The CLI accepts two operator-facing...

9.3CVSS6.1AI score0.00324EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/26 12:8 a.m.5 views

CVE-2026-10804

A flaw was found in Streamlit, within its Palette Handler component. This vulnerability stems from the use of a weak hashing algorithm. A local attacker could exploit this flaw, though it requires a high level of technical complexity. Successful exploitation may lead to a low impact on the...

4.7CVSS5.8AI score0.00083EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/25 8:46 p.m.6 views

EUVD-2026-39562

The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join without sanitization, allowing file writes to arbitrary paths...

9.1CVSS6AI score0.00434EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-48797

Backpropagate is a Python library for fine-tuning large language models on a single GPU. In versions 1.1.0 and 1.1.1, the optional Reflex web UI exposes a training control plane without authentication: dataset upload, model load, training start/stop, multi-run orchestration, GGUF export, and...

9.3CVSS0.00324EPSS
Exploits0References2
Joomla! Vulnerable Extensions List
Joomla! Vulnerable Extensions List
added 2026/06/12 12:0 a.m.9 views

[20260711] - Core - Incorrect Access Control in com_privacy webservice endpoints

An improper access check allows unauthorized users to access comprivacy datasets...

8.8CVSS6AI score0.0024EPSS
Exploits0Affected Software1
Microsoft Secure
Microsoft Secure
added 2026/06/10 4:0 p.m.21 views

Turn specs into evals for any agent with ASSERT

Today, we’re releasing Adaptive Spec-driven Scoring for Evaluation and Regression Testing ASSERT, an open-source framework for turning natural-language behavior specifications into executable evaluations. Every team building an AI system starts with a clear intention for the behaviors they want t...

5.5AI score
Exploits0
Rows per page
Query Builder