### Vulnerability Overview
**Vulnerability name**: Path Traversal via Unsanitized Version String in Versioned Dataset Loading in kedro-org/kedro
**CVE ID**: CVE-2026-3840
**Vulnerability type**: CWE-32: Path Traversal
**Severity**: High (7.1)
**Affected versions*…
### Vulnerability Overview
**Vulnerability name**: CWE-346: CORS Origin Validation Bypass via `re.match()` in `allow_origin_pat` in `jupyter/jupyter`
**Description**: Jupyter Server uses `re.match()` to validate the `Origin` header against the `allow_origin_pat` configuration. Because …
### Vulnerability Overview
**Title**: Path Traversal in Keras Archive Extraction via CWD Validation Bypass Leading to Arbitrary File Write in keras-team/keras
**Description**: Keras's archive extraction functionality (`keras/src/utils/file_utils.py`) has a path traversal vulnerability. …
### Vulnerability Overview
- **Vulnerability name**: `trust_remote_code=False` Bypass in LightGlue Nested Config Resolution (Transformers 5.2.0) Leading to Remote Code Execution During Normal `from_pretrained()` Loading in huggingfa…
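# Vulnerability Overview
- **Vulnerability name**: CVE-2025-70100 - Divide By Zero in lwest4
- **Vulnerability type**: Divide By Zero
- **Description**: When mounting or parsing a specially crafted EXT4 image that encodes a zero logical block size, lwest4 passes this invalid value to the `ext4_block_set_lb_size()` function. That function, without performing validation…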