Lucene search
K

28 matches found

Nuclei
Nuclei
added yesterday216 views

mongo-express Remote Code Execution

mongo-express before 0.54.0 is vulnerable to remote code execution via endpoints that uses the toBSON method and misuse the vm dependency to perform exec commands in a non-safe environment. id: CVE-2019-10758 info: name: mongo-express Remote Code Execution author: princechaddha severity: critical...

9.9CVSS7.4AI score0.84845EPSS
Exploits3References5
NVD
NVD
added 6 days ago7 views

CVE-2026-54527

JupyterLab Git is a Git extension for JupyterLab. From 0.30.0b3 before 0.54.0, the PlainTextDiff.ts createHeader method passes Git filenames directly to innerHTML when rendering renamed files in commit history, allowing a crafted filename to execute JavaScript when a victim views the rename diff ...

9.3CVSS0.00284EPSS
Exploits1References3
NVD
NVD
added 6 days ago8 views

CVE-2026-54528

JupyterLab Git is a Git extension for JupyterLab. Prior to 0.54.0, jupyterlab-git uses fnmatch.fnmatchcase in GitHandler.prepare in jupyterlabgit/handlers.py to enforce excludedpaths, allowing an authenticated user on a case-insensitive filesystem to vary URL path casing and read excluded...

7.1CVSS0.00285EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-54528 jupyterlab-git excluded_paths Case-Sensitivity Bypass Allows Reading Excluded Directories

JupyterLab Git is a Git extension for JupyterLab. Prior to 0.54.0, jupyterlab-git uses fnmatch.fnmatchcase in GitHandler.prepare in jupyterlabgit/handlers.py to enforce excludedpaths, allowing an authenticated user on a case-insensitive filesystem to vary URL path casing and read excluded...

7.1CVSS0.00285EPSS
Exploits0References3
CVE
CVE
added 6 days ago50 views

CVE-2026-54527

CVE-2026-54527 affects the jupyterlab-git extension. The PlainTextDiff.ts createHeader() renders renamed-file headers by directly inserting Git filenames into innerHTML, enabling stored XSS that can lead to remote code execution. Affected range is before 0.54.0, with fix released in 0.54.0. Explo...

9.3CVSS6AI score0.00284EPSS
Exploits1References3
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-54527 JupyterLab Git: Stored XSS leading to RCE

JupyterLab Git is a Git extension for JupyterLab. From 0.30.0b3 before 0.54.0, the PlainTextDiff.ts createHeader method passes Git filenames directly to innerHTML when rendering renamed files in commit history, allowing a crafted filename to execute JavaScript when a victim views the rename diff ...

9.3CVSS0.00284EPSS
Exploits1References3
Snyk
Snyk
added 2026/06/19 7:36 p.m.5 views

Improper Handling of Case Sensitivity

Overview jupyterlab-git is an A JupyterLab extension for version control using git Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the prepare function due to improper enforcement of excluded directory paths on case-insensitive filesystems. An attacker...

7.1CVSS5.9AI score0.00285EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.8 views

EUVD-2026-36763

An issue in the /util/http/prelude.rs endpoint of Datadog, Inc Vector v0.54.0 allows attackers to cause a Denial of Service DoS via a crafted request or payload...

5.3AI score0.00289EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/07 7:31 p.m.6 views

CVE-2026-29064

Zarf is an Airgap Native Packager Manager for Kubernetes. From version 0.54.0 to before version 0.73.1, a path traversal vulnerability in archive extraction allows a specifically crafted Zarf package to create symlinks pointing outside the destination directory, enabling arbitrary file read or...

8.2CVSS5.8AI score0.0022EPSS
Exploits1References1
OSV
OSV
added 2026/03/06 4:13 p.m.4 views

CVE-2026-29064 Zarf: Symlink targets in archives are not validated against destination directory

Zarf is an Airgap Native Packager Manager for Kubernetes. From version 0.54.0 to before version 0.73.1, a path traversal vulnerability in archive extraction allows a specifically crafted Zarf package to create symlinks pointing outside the destination directory, enabling arbitrary file read or...

8.2CVSS5.8AI score0.0022EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/08/05 12:0 a.m.7 views

Russh 安全漏洞

Russh is a Rust SSH client-side and server-side library from the individual developers at Eugene. A security vulnerability exists in Russh 0.54.0 and earlier versions that stems from improper handling of SSH protocol channel window adjustment messages, which could lead to an integer overflow...

6.5CVSS6.4AI score0.00386EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2017-9865

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service stack-based buffer over-read and...

5.5CVSS6.4AI score0.01677EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/02/05 12:0 a.m.23 views

Huawei EulerOS: Security Advisory for compat-poppler022 (EulerOS-SA-2021-1185)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.9AI score0.01118EPSS
Exploits1References2
OSV
OSV
added 2019/12/30 7:30 p.m.26 views

GHSA-H47J-HC6X-H3QQ Remote Code Execution Vulnerability in NPM mongo-express

Impact Remote code execution on the host machine by any authenticated user. Proof Of Concept Launching mongo-express on a Mac, pasting the following into the "create index" field will pop open the Mac calculator: javascript this.constructor.constructor"return...

9.9CVSS9.4AI score0.84845EPSS
Exploits3References9
Github Security Blog
Github Security Blog
added 2019/12/30 7:30 p.m.135 views

Remote Code Execution Vulnerability in NPM mongo-express

Impact Remote code execution on the host machine by any authenticated user. Proof Of Concept Launching mongo-express on a Mac, pasting the following into the "create index" field will pop open the Mac calculator: javascript this.constructor.constructor"return...

9.9CVSS9.4AI score0.84845EPSS
Exploits3References9Affected Software1
CNVD
CNVD
added 2019/12/26 12:0 a.m.5 views

mongo-express code execution vulnerability

mongo-express is a lightweight web-based management interface for interactively managing MongoDB databases. A security vulnerability exists in mongo-express versions prior to 0.54.0. An attacker can exploit this vulnerability to execute code with the help of an endpoint using the toBSON method...

9.9CVSS9.3AI score0.84845EPSS
Exploits3References1
OSV
OSV
added 2017/06/25 1:29 p.m.3 views

DEBIAN-CVE-2017-9865

The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service stack-based buffer over-read and application crash via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc...

5.5CVSS6.4AI score0.01677EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2017/06/25 12:0 a.m.34 views

CVE-2017-9865

The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service stack-based buffer over-read and application crash via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc...

5.5CVSS6.8AI score0.01677EPSS
Exploits0References3
OSV
OSV
added 2017/06/25 12:0 a.m.3 views

UBUNTU-CVE-2017-9865

The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 allows remote attackers to cause a denial of service stack-based buffer over-read and application crash via a crafted PDF document, related to missing color-map validation in ImageOutputDev.cc...

5.5CVSS6.9AI score0.01677EPSS
Exploits0References4
CNVD
CNVD
added 2017/06/06 12:0 a.m.23 views

Poppler Memory Leak Vulnerability

Poppler is a C++ class library for generating PDF, the library is inherited from Xpdf PDF reader. A memory leak vulnerability exists in the 'gmalloc' function of the gmem.cc file in Poppler version 0.54.0. An attacker can exploit this vulnerability to cause a denial of service with the help of a...

6.5CVSS6.7AI score0.01458EPSS
Exploits0References1
Rows per page
Query Builder