334 matches found
PT-2026-36164
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest endpoints that authorize low-privileged project members at the team level instead of binding the...
fl-manager-components-datasets-torch (=0.1.0), fl-manager-components-formatters-pillow (=0.1.0) +11 more potentially affected by CVE-2026-24178 via nvflare (>=2.2.0 <=2.7.1)
nvflare PYPI version =2.2.0, =0.1.0, =0.2.0, =3.1.27, =3.1.27, =3.1.29, =3.1.31 Source cves: CVE-2026-24178 Source advisory: SNYK:PYTHON-NVFLARE-16318747...
AutoRISE: Agent-Driven Strategy Evolution for Red-Teaming Large Language Models
Automated red-teaming methods for large language models typically optimize attack prompts within a fixed, human-designed strategy, leaving the attack strategy itself unchanged. We instead optimize the strategy. We propose AutoRISE, a method that searches over executable attack programs rather tha...
Short Message Service (SMS) Phishing Attacks and Defenses: A Systematic Review
SMS Phishing also known as 'smishing' is a growing deceptive social engineering SE attack that leverages mobile SMS to conduct cybercrimes such as stealing sensitive information or spreading malware by tricking users into interacting with attackers' messages e.g., responding to or clicking URLs...
The Code Whisperer: LLM and Graph-Based AI for Smell and Vulnerability Resolution
Code smells and software vulnerabilities both increase maintenance cost, yet they are often handled by separate tools that miss structural context and produce noisy warnings. This paper presents The Code Whisperer, a hybrid framework that combines graph-based program analysis with large language...
CVE-2026-35492
Kedro-Datasets is a Kendo plugin providing data connectors. Prior to 9.3.0, PartitionedDataset in kedro-datasets was vulnerable to path traversal. Partition IDs were concatenated directly with the dataset base path without validation. An attacker or malicious input containing .. components in a...
CVE-2026-35492
Kedro-Datasets is a Kendo plugin providing data connectors. Prior to 9.3.0, PartitionedDataset in kedro-datasets was vulnerable to path traversal. Partition IDs were concatenated directly with the dataset base path without validation. An attacker or malicious input containing .. components in a...
CVE-2026-35492 Kedro-Datasets has a path traversal vulnerability in PartitionedDataset allows arbitrary file write
Kedro-Datasets is a Kendo plugin providing data connectors. Prior to 9.3.0, PartitionedDataset in kedro-datasets was vulnerable to path traversal. Partition IDs were concatenated directly with the dataset base path without validation. An attacker or malicious input containing .. components in a...
CVE-2026-35492 Kedro-Datasets has a path traversal vulnerability in PartitionedDataset allows arbitrary file write
Kedro-Datasets is a Kendo plugin providing data connectors. Prior to 9.3.0, PartitionedDataset in kedro-datasets was vulnerable to path traversal. Partition IDs were concatenated directly with the dataset base path without validation. An attacker or malicious input containing .. components in a...
CVE-2026-35492
Kedro-Datasets is a Kendo plugin providing data connectors. Prior to 9.3.0, PartitionedDataset in kedro-datasets was vulnerable to path traversal. Partition IDs were concatenated directly with the dataset base path without validation. An attacker or malicious input containing .. components in a...
CVE-2026-35492
Kedro-Datasets PartitionedDataset has a path traversal vulnerability prior to 9.3.0, where partition IDs were concatenated with the dataset base path without validation, potentially allowing writing outside the dataset directory on local FS or storage backends (S3, GCS, etc.). The issue affects a...
Directory Traversal
Overview kedro-datasets is a Kedro-Datasets is where you can find all of Kedro's data connectors. Affected versions of this package are vulnerable to Directory Traversal via the PartitionedDataset component. An attacker can overwrite arbitrary files on the filesystem by supplying partition IDs...
GHSA-CJG8-H5QC-HRJV kedro-datasets has a path traversal vulnerability in PartitionedDataset that allows arbitrary file write
Impact PartitionedDataset in kedro-datasets was vulnerable to path traversal. Partition IDs were concatenated directly with the dataset base path without validation. An attacker or malicious input containing .. components in a partition ID could cause files to be written outside the configured...
dbt-duckdb-kedro-datasets (>=0.1.0 <=0.1.2), kedro (>=0.19.0 <=0.19.1) +9 more potentially affected by CVE-2026-35492 via kedro-datasets (>=1.2.0 <=7.0.0)
kedro-datasets PYPI version =1.2.0, =0.1.0, =0.19.0, =0.4.1, =0.4.0, =0.1.2, =0.12.2, =0.2.0, =0.1.0, =0.7.0, =0.1.0, =0.1.0, =0.1.3 Source cves: CVE-2026-35492 Source advisory: OSV:GHSA-CJG8-H5QC-HRJV...
kedro-datasets has a path traversal vulnerability in PartitionedDataset that allows arbitrary file write
Impact PartitionedDataset in kedro-datasets was vulnerable to path traversal. Partition IDs were concatenated directly with the dataset base path without validation. An attacker or malicious input containing .. components in a partition ID could cause files to be written outside the configured...
PT-2026-30759
Impact PartitionedDataset in kedro-datasets was vulnerable to path traversal. Partition IDs were concatenated directly with the dataset base path without validation. An attacker or malicious input containing .. components in a partition ID could cause files to be written outside the configured...
Directory Traversal
Overview kedro is a Kedro helps you build production-ready data and analytics pipelines Affected versions of this package are vulnerable to Directory Traversal due to unsanitized version strings in versioned dataset path construction. The AbstractVersionedDataset.getversionedpath logic used durin...
Software Vulnerability Detection Using a Lightweight Graph Neural Network
Large Language Models LLMs have emerged as a popular choice in vulnerability detection studies given their foundational capabilities, open source availability, and variety of models, but have limited scalability due to extensive compute requirements. Using the natural graph relational structure o...
MAL-2026-1986 Malicious code in cloud-datasets (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 7cbbef34e9c8a9e6db79ffb59dde86dafe9734166f201aae8a5d1837ac262fc0 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
ProvAgent: Threat Detection Based on Identity-Behavior Binding and Multi-Agent Collaborative Attack Investigation
Advanced Persistent Threats APTs pose critical challenges to modern cybersecurity due to their multi-stage and stealthy nature. While provenance-based detection approaches show promise in capturing causal attack semantics, current threat provenance practices face two paradoxical issues: 1 expert...