Lucene search
K

334 matches found

Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.6 views

PT-2026-36164

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest endpoints that authorize low-privileged project members at the team level instead of binding the...

8.1CVSS5.4AI score0.00235EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/04/28 8:18 p.m.2 views

fl-manager-components-datasets-torch (=0.1.0), fl-manager-components-formatters-pillow (=0.1.0) +11 more potentially affected by CVE-2026-24178 via nvflare (>=2.2.0 <=2.7.1)

nvflare PYPI version =2.2.0, =0.1.0, =0.2.0, =3.1.27, =3.1.27, =3.1.29, =3.1.31 Source cves: CVE-2026-24178 Source advisory: SNYK:PYTHON-NVFLARE-16318747...

9.8CVSS5.4AI score0.00573EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/23 12:0 a.m.5 views

AutoRISE: Agent-Driven Strategy Evolution for Red-Teaming Large Language Models

Automated red-teaming methods for large language models typically optimize attack prompts within a fixed, human-designed strategy, leaving the attack strategy itself unchanged. We instead optimize the strategy. We propose AutoRISE, a method that searches over executable attack programs rather tha...

5.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/13 12:0 a.m.8 views

Short Message Service (SMS) Phishing Attacks and Defenses: A Systematic Review

SMS Phishing also known as 'smishing' is a growing deceptive social engineering SE attack that leverages mobile SMS to conduct cybercrimes such as stealing sensitive information or spreading malware by tricking users into interacting with attackers' messages e.g., responding to or clicking URLs...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/12 12:0 a.m.7 views

The Code Whisperer: LLM and Graph-Based AI for Smell and Vulnerability Resolution

Code smells and software vulnerabilities both increase maintenance cost, yet they are often handled by separate tools that miss structural context and produce noisy warnings. This paper presents The Code Whisperer, a hybrid framework that combines graph-based program analysis with large language...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/08 7:57 p.m.7 views

CVE-2026-35492

Kedro-Datasets is a Kendo plugin providing data connectors. Prior to 9.3.0, PartitionedDataset in kedro-datasets was vulnerable to path traversal. Partition IDs were concatenated directly with the dataset base path without validation. An attacker or malicious input containing .. components in a...

6.5CVSS6AI score0.00427EPSS
Exploits0References1
NVD
NVD
added 2026/04/07 4:16 p.m.8 views

CVE-2026-35492

Kedro-Datasets is a Kendo plugin providing data connectors. Prior to 9.3.0, PartitionedDataset in kedro-datasets was vulnerable to path traversal. Partition IDs were concatenated directly with the dataset base path without validation. An attacker or malicious input containing .. components in a...

6.5CVSS0.00427EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/07 3:3 p.m.16 views

CVE-2026-35492 Kedro-Datasets has a path traversal vulnerability in PartitionedDataset allows arbitrary file write

Kedro-Datasets is a Kendo plugin providing data connectors. Prior to 9.3.0, PartitionedDataset in kedro-datasets was vulnerable to path traversal. Partition IDs were concatenated directly with the dataset base path without validation. An attacker or malicious input containing .. components in a...

6.5CVSS0.00427EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/07 3:3 p.m.1 views

CVE-2026-35492 Kedro-Datasets has a path traversal vulnerability in PartitionedDataset allows arbitrary file write

Kedro-Datasets is a Kendo plugin providing data connectors. Prior to 9.3.0, PartitionedDataset in kedro-datasets was vulnerable to path traversal. Partition IDs were concatenated directly with the dataset base path without validation. An attacker or malicious input containing .. components in a...

6.5CVSS6AI score0.00427EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/07 3:3 p.m.5 views

CVE-2026-35492

Kedro-Datasets is a Kendo plugin providing data connectors. Prior to 9.3.0, PartitionedDataset in kedro-datasets was vulnerable to path traversal. Partition IDs were concatenated directly with the dataset base path without validation. An attacker or malicious input containing .. components in a...

6.5CVSS6AI score0.00427EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/04/07 3:3 p.m.36 views

CVE-2026-35492

Kedro-Datasets PartitionedDataset has a path traversal vulnerability prior to 9.3.0, where partition IDs were concatenated with the dataset base path without validation, potentially allowing writing outside the dataset directory on local FS or storage backends (S3, GCS, etc.). The issue affects a...

6.5CVSS6AI score0.00427EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/06 5:55 p.m.4 views

Directory Traversal

Overview kedro-datasets is a Kedro-Datasets is where you can find all of Kedro's data connectors. Affected versions of this package are vulnerable to Directory Traversal via the PartitionedDataset component. An attacker can overwrite arbitrary files on the filesystem by supplying partition IDs...

7.1CVSS6.4AI score0.00427EPSS
Exploits0References2
OSV
OSV
added 2026/04/06 5:55 p.m.2 views

GHSA-CJG8-H5QC-HRJV kedro-datasets has a path traversal vulnerability in PartitionedDataset that allows arbitrary file write

Impact PartitionedDataset in kedro-datasets was vulnerable to path traversal. Partition IDs were concatenated directly with the dataset base path without validation. An attacker or malicious input containing .. components in a partition ID could cause files to be written outside the configured...

6.5CVSS5.9AI score0.00427EPSS
Exploits0References7
vulnersOsv
vulnersOsv
added 2026/04/06 5:55 p.m.8 views

dbt-duckdb-kedro-datasets (>=0.1.0 <=0.1.2), kedro (>=0.19.0 <=0.19.1) +9 more potentially affected by CVE-2026-35492 via kedro-datasets (>=1.2.0 <=7.0.0)

kedro-datasets PYPI version =1.2.0, =0.1.0, =0.19.0, =0.4.1, =0.4.0, =0.1.2, =0.12.2, =0.2.0, =0.1.0, =0.7.0, =0.1.0, =0.1.0, =0.1.3 Source cves: CVE-2026-35492 Source advisory: OSV:GHSA-CJG8-H5QC-HRJV...

6.5CVSS5.8AI score0.00427EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/04/06 5:55 p.m.8 views

kedro-datasets has a path traversal vulnerability in PartitionedDataset that allows arbitrary file write

Impact PartitionedDataset in kedro-datasets was vulnerable to path traversal. Partition IDs were concatenated directly with the dataset base path without validation. An attacker or malicious input containing .. components in a partition ID could cause files to be written outside the configured...

6.5CVSS5.9AI score0.00427EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.10 views

PT-2026-30759

Impact PartitionedDataset in kedro-datasets was vulnerable to path traversal. Partition IDs were concatenated directly with the dataset base path without validation. An attacker or malicious input containing .. components in a partition ID could cause files to be written outside the configured...

6.5CVSS5.9AI score0.00427EPSS
Exploits0References8
Snyk
Snyk
added 2026/04/01 6:32 a.m.4 views

Directory Traversal

Overview kedro is a Kedro helps you build production-ready data and analytics pipelines Affected versions of this package are vulnerable to Directory Traversal due to unsanitized version strings in versioned dataset path construction. The AbstractVersionedDataset.getversionedpath logic used durin...

8.1CVSS6.5AI score0.00327EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/03/30 12:0 a.m.4 views

Software Vulnerability Detection Using a Lightweight Graph Neural Network

Large Language Models LLMs have emerged as a popular choice in vulnerability detection studies given their foundational capabilities, open source availability, and variety of models, but have limited scalability due to extensive compute requirements. Using the natural graph relational structure o...

6AI score
Exploits0
OSV
OSV
added 2026/03/20 10:30 a.m.4 views

MAL-2026-1986 Malicious code in cloud-datasets (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 7cbbef34e9c8a9e6db79ffb59dde86dafe9734166f201aae8a5d1837ac262fc0 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6AI score
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/03/10 12:0 a.m.13 views

ProvAgent: Threat Detection Based on Identity-Behavior Binding and Multi-Agent Collaborative Attack Investigation

Advanced Persistent Threats APTs pose critical challenges to modern cybersecurity due to their multi-stage and stealthy nature. While provenance-based detection approaches show promise in capturing causal attack semantics, current threat provenance practices face two paradoxical issues: 1 expert...

5.8AI score
Exploits0
Rows per page
Query Builder