3 matches found
CVE-2026-48957
The CVE-2026-48957 entry concerns Joomla! Core – specifically the com_privacy webservice endpoints. The connected documents describe an improper access check that allows unauthorized users to access com_privacy datasets, indicating a flaw in access control at the webservice layer. The affected co...
CVE-2026-48797
Backpropagate is a Python library for fine-tuning large language models on a single GPU. In versions 1.1.0 and 1.1.1, the optional Reflex web UI exposes a training control plane without authentication: dataset upload, model load, training start/stop, multi-run orchestration, GGUF export, and...
CVE-2026-40904
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest endpoints that authorize low-privileged project members at the team level instead of binding the...