3 matches found
PYSEC-2026-291 Backpropagate: backprop ui --auth and backprop ui --share do not enforce authentication
Summary In backpropagate = 1.1.0, the optional Reflex web UI pip install backpropagateui, launched via backprop ui exposes a training control plane: dataset upload, model load, training start/stop, multi-run orchestration, GGUF export, and HuggingFace Hub push. The CLI accepts two operator-facing...
PT-2026-36164
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest endpoints that authorize low-privileged project members at the team level instead of binding the...
PT-2024-20071 · Dremio · Dremio
Name of the Vulnerable Software and Affected Versions: Dremio versions 22.0.0 through 22.2.2 Dremio versions 23.0.0 through 23.2.3 Dremio versions 24.0.0 through 24.3.0 Description: The issue allows an authenticated user with no privileges on certain folders to access these folders, files, and...