17 matches found

Cvelist · added 2026/05/03 4:30 a.m. · 29 views

CVE-2026-7680 jsbroks COCO Annotator Data Endpoint datasets.py path traversal

A weakness has been identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file backend/webserver/api/datasets.py of the component Data Endpoint. Executing a manipulation of the argument folder can lead to path traversal. The attack can be launched remotely. The...

CVSS 5.3 · EPSS 0.00015
Exploits: 0 · References: 4
Snyk · added 2026/03/13 6:56 p.m. · 3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the file replace API. An attacker can delete files belonging to other users by abusing insufficient authorization checks on the deleteNewFile flag. Note: This is only exploitable if the attacker has permission...

CVSS 6.6 · AI score 5.8 · EPSS 0.0001
Exploits: 0 · References: 2
RedhatCVE · added 2025/10/23 6:59 a.m. · 10 views

CVE-2025-41720

A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified...

CVSS 4.3 · AI score 7.1 · EPSS 0.00025
Exploits: 0 · References: 1
Vulnrichment · added 2025/10/22 6:52 a.m. · 2 views

CVE-2025-41720 Sauter: Arbitrary File Upload

A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified...

CVSS 4.3 · AI score 6.8 · EPSS 0.00025
Exploits: 0 · References: 1
Cvelist · added 2025/10/22 6:52 a.m. · 6 views

CVE-2025-41720 Sauter: Arbitrary File Upload

A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified...

CVSS 4.3 · EPSS 0.00025
Exploits: 0 · References: 1
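The three CVE-2025-41720 entries above all turn on the same point: the upload handler verifies only the file extension. The block below is an added example in Python, not Sauter's code and not the device's webserver API, showing the extension-only test beside a validator that requires the PNG signature and a well-formed IHDR chunk (length, type, CRC and sane header fields). MAX_DIMENSION, png_header() and the sample inputs are assumptions made for the example.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
MAX_DIMENSION = 16384  # assumption: policy limit for accepted images


def extension_only_check(filename):
    """The weak check the advisory describes: trusts the name, not the bytes."""
    return filename.lower().endswith(".png")


def looks_like_png(data):
    """Validate the signature and a well-formed IHDR chunk.

    This rejects arbitrary data renamed to .png. It does not make a crafted
    but valid PNG safe, so callers should still re-encode the image and store
    it outside any path the webserver will execute or serve raw.
    """
    # 8 signature + 4 length + 4 type + 13 IHDR body + 4 CRC = 33 bytes
    if len(data) < 33 or data[:8] != PNG_SIGNATURE:
        return False
    length, ctype = struct.unpack(">I4s", data[8:16])
    if ctype != b"IHDR" or length != 13:
        return False
    body = data[16:29]
    (crc,) = struct.unpack(">I", data[29:33])
    # PNG CRC covers chunk type + chunk data, not the length field
    if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
        return False
    width, height, depth, color, comp, filt, interlace = struct.unpack(">IIBBBBB", body)
    valid_depths = {0: (1, 2, 4, 8, 16), 2: (8, 16), 3: (1, 2, 4, 8),
                    4: (8, 16), 6: (8, 16)}
    return (0 < width <= MAX_DIMENSION and 0 < height <= MAX_DIMENSION
            and depth in valid_depths.get(color, ())
            and comp == 0 and filt == 0 and interlace in (0, 1))


def accept_upload(filename, data):
    """Hardened: the extension is only a hint, the content decides."""
    return extension_only_check(filename) and looks_like_png(data)


def png_header(width, height, depth=8, color=6):
    """Constructed test input: signature plus a valid IHDR chunk, nothing else."""
    body = struct.pack(">IIBBBBB", width, height, depth, color, 0, 0, 0)
    crc = zlib.crc32(b"IHDR" + body) & 0xFFFFFFFF
    return PNG_SIGNATURE + struct.pack(">I", 13) + b"IHDR" + body + struct.pack(">I", crc)


if __name__ == "__main__":
    # constructed sample: script text renamed to .png versus a real header
    fake = b"<?php system($_GET['c']); ?>"
    print("extension only:", extension_only_check("shell.png"))
    print("content check  :", accept_upload("shell.png", fake))
    print("real header    :", accept_upload("ok.png", png_header(64, 64)))
```

The header check is cheap and catches the case in the advisory (arbitrary bytes with a .png name); it is not a substitute for decoding the image with a real library and writing out a fresh copy, which also strips metadata and trailing payloads.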
Veracode · added 2025/10/14 9:27 a.m. · 2 views

Improper Rate Limiting

ethyca-fides is vulnerable to Improper Rate Limiting. The vulnerability is due to the webserver API incorrectly applying rate limits based on infrastructure IPs instead of client IPs and storing counters in-memory rather than in a shared store, which allows an attacker to bypass rate limiting...

CVSS 7.5 · AI score 6.9 · EPSS 0.0005
Exploits: 0 · References: 5 · Affected Software: 1
Vulnrichment · added 2025/09/08 9:17 p.m. · 2 views

CVE-2025-57817 Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with client:create or client:update permissions to escalate thei...

CVSS 8.6 · AI score 6.6 · EPSS 0.00097
Exploits: 0 · References: 3
OSV · added 2025/09/08 9:17 p.m. · 4 views

CVE-2025-57817 Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with client:create or client:update permissions to escalate thei...

CVSS 8.6 · AI score 6.8 · EPSS 0.00097
Exploits: 0 · References: 5
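The two CVE-2025-57817 entries above describe client creation and update endpoints that check for client:create or client:update but do not authorize the scopes being assigned. The block below is an added example in Python, hypothetical and not the Fides Webserver API's own code: a grant function with only the permission check, beside one that also refuses any scope the caller does not itself hold. The scope names other than client:create and client:update are made up for the example.

```python
def grant_scopes_vulnerable(caller_scopes, requested_scopes):
    """The shape behind the advisory: holding client:create is the only
    check, so any scope string at all can be handed to the new client."""
    if "client:create" not in caller_scopes:
        return None
    return frozenset(requested_scopes)


def grant_scopes(caller_scopes, requested_scopes, existing_scopes=None):
    """Hardened grant. Returns the resulting scope set, or None to refuse.

    Create (existing_scopes is None): needs client:create, and every
    requested scope must be one the caller holds.
    Update: needs client:update, and every scope being *added* must be one
    the caller holds; scopes the client already had may be kept or dropped.
    Assumed policy for the example; a stricter variant would also refuse to
    touch any client whose current scopes exceed the caller's.
    """
    caller = frozenset(caller_scopes)
    requested = frozenset(requested_scopes)
    if existing_scopes is None:
        needed, current = "client:create", frozenset()
    else:
        needed, current = "client:update", frozenset(existing_scopes)
    if needed not in caller:
        return None
    added = requested - current
    if not added <= caller:
        return None  # caller would be minting privilege it does not have
    return requested


def escalates(granted, caller_scopes):
    """True when a grant left the client holding scopes its creator lacks."""
    return granted is not None and not granted <= frozenset(caller_scopes)


if __name__ == "__main__":
    # constructed caller: can manage clients, cannot administer the system
    caller = {"client:create", "client:update", "privacy-request:read"}
    wanted = {"system:admin", "privacy-request:read"}
    print("vulnerable:", grant_scopes_vulnerable(caller, wanted),
          "escalates =", escalates(grant_scopes_vulnerable(caller, wanted), caller))
    print("hardened  :", grant_scopes(caller, wanted))
```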
CVE · added 2025/09/08 9:14 p.m. · 11 views

CVE-2025-57816

CVE-2025-57816 concerns the Fides Webserver API rate limiting. The issue arises in deployments that rely on the built-in IP-based rate limiter in proxied environments (CDNs, proxies, load balancers): limits are applied to the immediate connection IP rather than the client IP, and counters are sto...

CVSS 7.5 · AI score 6.3 · EPSS 0.0005
Exploits: 0 · References: 3 · Affected Software: 1
Cvelist · added 2025/09/08 9:14 p.m. · 5 views

CVE-2025-57816 Fides Webserver API Rate Limiting Vulnerability in Proxied Environments

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Webserver API's built-in IP-based rate limiting is ineffective in environments with CDNs, proxies or load balancers. The system incorrectly applies rate limits based on directly connected infrastructure IPs...

CVSS 6.3 · EPSS 0.0005
Exploits: 0 · References: 3
Vulnrichment · added 2025/09/08 9:14 p.m. · 1 view

CVE-2025-57816 Fides Webserver API Rate Limiting Vulnerability in Proxied Environments

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Webserver API's built-in IP-based rate limiting is ineffective in environments with CDNs, proxies or load balancers. The system incorrectly applies rate limits based on directly connected infrastructure IPs...

CVSS 6.3 · AI score 6.3 · EPSS 0.0005
Exploits: 0 · References: 3
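The CVE-2025-57816 entries above (Veracode, CVE, Cvelist and Vulnrichment) name two separate defects: the limiter keys on the directly connected infrastructure address instead of the client, and its counters are per process rather than in a shared store. The block below is an added example in Python, hypothetical and not Fides' own rate limiter. It resolves the client address behind a list of trusted proxies by walking X-Forwarded-For from the right, then runs one fixed-window limiter over constructed traffic with each combination of key function and counter store so both defects show up as numbers. TRUSTED_PROXIES, the addresses in run_scenario and MemoryStore (standing in for something like Redis when shared) are assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: the CDN / load-balancer egress range that is allowed to set
# X-Forwarded-For. Anything outside it is treated as a client.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def client_ip(peer_addr, xff_header, trusted=TRUSTED_PROXIES):
    """Return the rate-limit identity for a request.

    Walk the chain (X-Forwarded-For hops, then the TCP peer) from the right
    and skip every hop owned by a trusted proxy; the first untrusted address
    is the client. A directly connected client that forges X-Forwarded-For
    gains nothing: its own peer address is untrusted and is returned first.
    """
    hops = [h.strip() for h in xff_header.split(",") if h.strip()] if xff_header else []
    for addr in reversed(hops + [peer_addr]):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            break  # unparsable hop: stop trusting the header from here on
        if not any(ip in net for net in trusted):
            return str(ip)
    # Every hop was a trusted proxy (or the header was malformed): fall back
    # to the peer so the request still lands in some bucket.
    return peer_addr


class MemoryStore:
    """Process-local counters. One per worker reproduces the second defect;
    one instance shared by all workers stands in for a real shared store."""

    def __init__(self):
        self.counts = defaultdict(int)

    def incr(self, key):
        self.counts[key] += 1
        return self.counts[key]


class FixedWindowLimiter:
    def __init__(self, store, limit, window_s):
        self.store, self.limit, self.window = store, limit, window_s

    def allow(self, key, now):
        bucket = f"{key}:{int(now // self.window)}"
        return self.store.incr(bucket) <= self.limit


def naive_key(peer, xff):
    """Vulnerable: keys on the directly connected (proxy) address."""
    return peer


def proxy_aware_key(peer, xff):
    return client_ip(peer, xff)


def run_scenario(keyfunc, shared_store, workers=4, limit=5, window=60):
    """Constructed traffic: 40 requests from 203.0.113.7 followed by 1 from
    198.51.100.9, all arriving via load balancer 10.0.0.1, which appends the
    real client to X-Forwarded-For. Requests are spread round-robin over the
    workers. Returns (attacker_allowed, victim_allowed)."""
    lb, attacker, victim = "10.0.0.1", "203.0.113.7", "198.51.100.9"
    requests = [(lb, attacker)] * 40 + [(lb, victim)]
    if shared_store:
        store = MemoryStore()
        stores = [store] * workers          # every worker sees every count
    else:
        stores = [MemoryStore() for _ in range(workers)]
    limiters = [FixedWindowLimiter(s, limit, window) for s in stores]
    allowed = {attacker: 0, victim: 0}
    for i, (peer, xff) in enumerate(requests):
        if limiters[i % workers].allow(keyfunc(peer, xff), now=1000.0):
            allowed[xff] += 1
    return allowed[attacker], allowed[victim]


if __name__ == "__main__":
    for name, key in (("naive", naive_key), ("proxy-aware", proxy_aware_key)):
        for shared in (False, True):
            print(f"{name:12s} shared={shared!s:5s} -> {run_scenario(key, shared)}")
```

With a limit of 5 per window, the naive key lets the attacker through 20 times across four workers and then blocks the innocent client too, because every request shares the load balancer's bucket; the proxy-aware key with per-worker counters still allows 20, and only the proxy-aware key over a shared store gives the intended 5 while the other client is unaffected.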
NVD · added 2023/10/25 6:17 p.m. · 13 views

CVE-2023-46125

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the GET api/v1/config endpoint. The...

CVSS 6.5 · AI score 6.3 · EPSS 0.00179
Exploits: 0 · References: 3
Prion · added 2023/10/25 6:17 p.m. · 9 views

Information disclosure

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the GET api/v1/config endpoint. The...

CVSS 4 · AI score 6.3 · EPSS 0.00179
Exploits: 0 · References: 3 · Affected Software: 1
OSV · added 2023/10/24 10:42 p.m. · 11 views

CVE-2023-46125 Fides Information Disclosure Vulnerability in Config API Endpoint

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the GET api/v1/config endpoint. The...

CVSS 6.5 · AI score 6.2 · EPSS 0.00179
Exploits: 0 · References: 5
Positive Technologies · added 2023/09/06 12:00 a.m. · 3 views

PT-2023-27904 · Fides · Fides

Name of the Vulnerable Software and Affected Versions: Fides versions 2.11.0 through 2.19.0 Description: The Fides webserver API allows custom integrations to be uploaded as a ZIP file, which can contain YAML files and custom Python code. The custom code is executed in a restricted environment, b...

CVSS 8.8 · AI score 7.7 · EPSS 0.00071
Exploits: 0 · References: 8
Vulnrichment · added 2023/07/05 9:22 p.m. · 13 views

CVE-2023-36827 Fides vulnerable to Path Traversal in Webserver API

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. A path traversal (directory traversal) vulnerability affects fides versions lower than version 2.15.1, allowing...

CVSS 7.5 · AI score 7.6 · EPSS 0.00177
Exploits: 0 · References: 3
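Two entries on this page are path traversals in a webserver API: CVE-2026-7680, where a manipulated folder argument reaches the filesystem in COCO Annotator's datasets.py, and CVE-2023-36827 in Fides. The block below is an added example in Python, not either project's code, showing the unsafe join that both advisories describe beside a containment check that resolves the path first and then verifies it is still under the intended root. DATASET_ROOT and the sample folder values are assumptions made for the example.

```python
import os
from pathlib import Path

# Assumption: the directory the endpoint is meant to expose.
DATASET_ROOT = Path("/srv/datasets")


def unsafe_dataset_path(folder, root=DATASET_ROOT):
    """The CWE-22 pattern: client input joined straight onto the base.

    '../' segments climb out of the base, and an absolute 'folder' discards
    the base entirely because of os.path.join semantics.
    """
    return os.path.join(str(root), folder)


def resolve_inside(root, folder):
    """Resolve root/folder and return it only if it stays under root.

    resolve() collapses '..' and follows symlinks for the parts that exist,
    so the containment test runs on the real filesystem location rather than
    on the string the client sent. Raises ValueError on escape (and on an
    embedded null byte, which the OS layer rejects for us).
    """
    root = root.resolve()
    candidate = (root / folder).resolve()
    if candidate != root and root not in candidate.parents:
        raise ValueError(f"folder escapes dataset root: {folder!r}")
    return candidate


def folder_is_safe(folder, root=DATASET_ROOT):
    """Boolean form of the check for handlers that prefer not to catch."""
    try:
        resolve_inside(root, folder)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # constructed inputs: two legitimate folders, two escapes
    for folder in ("coco/train", "./coco/../coco", "../../etc/passwd", "/etc/passwd"):
        print(f"{folder!r:20s} join -> {unsafe_dataset_path(folder):34s} "
              f"contained -> {folder_is_safe(folder)}")
```

Checking the resolved path rather than filtering the input string is what makes the check hold up against encodings, redundant separators and symlinks inside the root; a string-based blocklist for "../" misses all three. In a request handler the folder value would also be rejected unless it matches the identifier format the application actually issues, which is cheaper and removes the filesystem from the decision entirely.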
OSV · added 2020/10/14 3:15 p.m. · 2 views

CVE-2020-27013

Trend Micro Antivirus for Mac 2020 Consumer contains a vulnerability in the product that occurs when a webserver is started that implements an API with several properties that can be read and written to allowing the attacker to gather and modify sensitive product and user data. An attacker must...

CVSS 4.4 · AI score 5.9 · EPSS 0.00102
Exploits: 0 · References: 2