64 matches found

EUVD
added 2026/04/14 6:30 p.m. | 1 views

EUVD-2026-22344

A path traversal ('../filedir') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5 and FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to escalate privileges via...

CVSS 9.8 | AI score 5.8 | EPSS 0.0012
Exploits: 0 | References: 2

EUVD
added 2026/04/14 6:30 p.m. | 1 views

EUVD-2026-22342

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8,...

CVSS 4.8 | AI score 6 | EPSS 0.00035
Exploits: 0 | References: 2

CVE
added 2026/04/14 3:38 p.m. | 8 views

CVE-2026-39813

Fortinet FortiSandbox contains a path traversal vulnerability (CVE-2026-39813) that affects FortiSandbox 5.0.0–5.0.5 and 4.4.0–4.4.8. The issue arises from a path traversal flaw ("../filedir"), enabling escalation of privilege. CVSS v3.1: 9.8 (CRITICAL), NETWORK attack vector, no user interaction...

CVSS 9.8 | AI score 5.8 | EPSS 0.0012
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2026/04/14 3:38 p.m. | 22 views

CVE-2026-39808

Fortinet FortiSandbox is affected by CVE-2026-39808 (FortiSandbox 4.4.0–4.4.8), an OS command injection due to improper neutralization of special elements. It could allow an attacker to execute arbitrary code or commands over a network without user interaction, with CVSS v3.1: Critical (AV:N/AC:L/...

CVSS 9.8 | AI score 6 | EPSS 0.27939
Exploits: 3 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/04/14 12:0 a.m. | 2 views

PT-2026-32692

Name of the Vulnerable Software and Affected Versions: FortiSandbox versions 4.4.0 through 4.4.8; FortiSandbox versions 5.0.0 through 5.0.5. Description: A path traversal issue involving '../filedir' may allow an attacker to achieve escalation of privilege. Recommendations: At the moment, there is no...

CVSS 10 | AI score 6 | EPSS 0.0012
Exploits: 0 | References: 22

CNNVD
added 2026/04/14 12:0 a.m. | 3 views

Fortinet FortiSandbox OS Command Injection Vulnerability

Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection device developed by the American company Fortinet. This device offers features such as dual sandbox technology, dynamic threat intelligence systems, a real-time control panel, and reporting capabilities. Versions of Fortinet...

CVSS 9.8 | AI score 6.2 | EPSS 0.27939
Exploits: 3 | References: 2

NVD
added 2026/02/19 4:27 p.m. | 3 views

CVE-2025-71249

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits: 0

Cvelist
added 2026/02/19 3:25 p.m. | 20 views

CVE-2026-26345 SPIP < 4.4.8 Cross-Site Scripting in Public Area

SPIP before 4.4.8 contains a stored cross-site scripting (XSS) vulnerability in the public area triggered in certain edge-case usage patterns. The echapperhtmlsuspect function does not adequately sanitize user-controlled content, allowing authenticated users with content-editing privileges e.g.,...

CVSS 8.6 | EPSS 0.00065
Exploits: 0 | References: 3

Debian CVE
added 2026/02/19 3:25 p.m. | 3 views

CVE-2026-26345

SPIP before 4.4.8 contains a stored cross-site scripting (XSS) vulnerability in the public area triggered in certain edge-case usage patterns. The echapperhtmlsuspect function does not adequately sanitize user-controlled content, allowing authenticated users with content-editing privileges e.g.,...

CVSS 8.6 | AI score 5 | EPSS 0.00065
Exploits: 0

Vulnrichment
added 2026/02/19 3:25 p.m. | 3 views

CVE-2026-26345 SPIP < 4.4.8 Cross-Site Scripting in Public Area

SPIP before 4.4.8 contains a stored cross-site scripting (XSS) vulnerability in the public area triggered in certain edge-case usage patterns. The echapperhtmlsuspect function does not adequately sanitize user-controlled content, allowing authenticated users with content-editing privileges e.g.,...

CVSS 8.6 | AI score 5.1 | EPSS 0.00065
Exploits: 0 | References: 3

CNNVD
added 2026/02/19 12:0 a.m. | 4 views

SPIP Security Vulnerability

SPIP is an open-source software developed by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.8 contained security vulnerabilities. These vulnerabilities stemmed from improper sandboxing or escaping of iframe content in private areas, which could lead to cross-site scripting...

CVSS 6.1 | AI score 5.6 | EPSS 0.00065
Exploits: 0 | References: 3

Cvelist
added 2025/10/21 4:46 p.m. | 4 views

CVE-2025-62605 Mastodon quotes control can be bypassed

Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon version 4.4, support for verifiable quote posts with quote controls was added, but it is possible for an attacker to bypass these controls in Mastodon versions prior to 4.4.8 and 4.5.0-beta.2. Mastodon...

CVSS 4.3 | EPSS 0.0005
Exploits: 0 | References: 5

Vulnrichment
added 2025/10/21 4:46 p.m. | 1 views

CVE-2025-62605 Mastodon quotes control can be bypassed

Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon version 4.4, support for verifiable quote posts with quote controls was added, but it is possible for an attacker to bypass these controls in Mastodon versions prior to 4.4.8 and 4.5.0-beta.2. Mastodon...

CVSS 4.3 | AI score 6.4 | EPSS 0.0005
Exploits: 0 | References: 5

EUVD
added 2025/10/21 4:46 p.m. | 1 views

EUVD-2025-35213

Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon version 4.4, support for verifiable quote posts with quote controls was added, but it is possible for an attacker to bypass these controls in Mastodon versions prior to 4.4.8 and 4.5.0-beta.2. Mastodon...

CVSS 4.3 | AI score 6.3 | EPSS 0.0005
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2023-27791

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 9 | EPSS 0.00149
Exploits: 0 | References: 1

OSV
added 2025/10/01 2:43 p.m. | 2 views

BIT-JUPYTERLAB-2025-59842 JupyterLab LaTeX typesetter links did not enforce `noopener` attribute

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to version 4.4.8, links generated with LaTeX typesetters in Markdown files and Markdown cells in JupyterLab and Jupyter Notebook did not include the noopener...

CVSS 4.3 | AI score 6.8 | EPSS 0.00034
Exploits: 0 | References: 3

Debian CVE
added 2025/09/26 3:53 p.m. | 3 views

CVE-2025-59842

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to version 4.4.8, links generated with LaTeX typesetters in Markdown files and Markdown cells in JupyterLab and Jupyter Notebook did not include the noopener...

CVSS 4.3 | AI score 5.4 | EPSS 0.00034
Exploits: 0

OSV
added 2025/09/26 3:53 p.m. | 1 views

CVE-2025-59842 JupyterLab LaTeX typesetter links did not enforce `noopener` attribute

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to version 4.4.8, links generated with LaTeX typesetters in Markdown files and Markdown cells in JupyterLab and Jupyter Notebook did not include the noopener...

CVSS 2.1 | AI score 6.5 | EPSS 0.00034
Exploits: 0 | References: 4

CVE
added 2025/09/26 3:53 p.m. | 11 views

CVE-2025-59842

CVE-2025-59842 affects jupyterlab; prior to 4.4.8, links generated from LaTeX renderers in Markdown cells could lack noopener, enabling potential reverse-tabnabbing with target=_blank. The issue was patched in jupyterlab 4.4.8. Fedora and other advisories indicate the fixes are provided in jupyte...

CVSS 4.3 | AI score 6.5 | EPSS 0.00034
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2025/09/26 12:0 a.m. | 4 views

PT-2025-39657

Name of the Vulnerable Software and Affected Versions: jupyterlab versions prior to 4.4.8. Description: jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Links generated with LaTeX typesetters in Markdown files and Markdow...

CVSS 9.9 | AI score 6.3 | EPSS 0.03919
Exploits: 3 | References: 22