Lucene search

41 matches found

OSV
added 2026/05/22 9:16 p.m., 3 views

DEBIAN-CVE-2026-40864

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

CVSS 4.3, AI score 5.8, EPSS 0.00009
Exploits: 0, References: 1
UbuntuCve
added 2026/05/22 9:16 p.m., 7 views

CVE-2026-40864

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

CVSS 5.4, AI score 5.7, EPSS 0.00009
Exploits: 0, References: 3
Debian CVE
added 2026/05/22 8:13 p.m., 3 views

CVE-2026-40864

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

CVSS 5.4, AI score 5.8, EPSS 0.00009
Exploits: 0
Github Security Blog
added 2026/05/05 6:10 p.m., 5 views

JupyterHub has cross-origin form POSTs bypass XSRF (CWE-352)

Summary: JupyterHub's XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, which they are not, bypassing XSRF checks. The JSON API is not affected, only HTTP form endpoints, such as /hub/spawn and /hub/accept-share, meaning attacke...

CVSS 5.4, AI score 5.8, EPSS 0.00009
Exploits: 0, References: 2, Affected Software: 1
Nuclei
added 2026/04/23 7:16 a.m., 72 views

Apache Tapestry - Remote Code Execution

Apache Tapestry contains a critical unauthenticated remote code execution vulnerability. Affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. Note that this vulnerability is a bypass of the fix for CVE-2019-0195. Before that fix it was possible to download arbitrary class files from the...

CVSS 10, AI score 8.2, EPSS 0.94219
Exploits: 5, References: 5
CNNVD
added 2026/03/05 12:0 a.m., 2 views

WordPress plugin LBG Zoominoutslider security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 7.1, AI score 5.7, EPSS 0.00045
Exploits: 0, References: 1
NVD
added 2025/12/16 9:16 a.m., 2 views

CVE-2025-68056

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LBG Zoominoutslider lbgzoominoutslider allows SQL Injection. This issue affects LBG Zoominoutslider: from n/a through <= 5.4.4...

CVSS 8.5, EPSS 0.00034
Exploits: 0, References: 1
CVE
added 2025/12/16 8:13 a.m., 6 views

CVE-2025-68056

CVE-2025-68056 affects the WordPress plugin LBG Zoominoutslider (LambertGroup)

CVSS 8.5, AI score 5.9, EPSS 0.00034
Exploits: 0, References: 1
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-6848

Malware in sbrugna...

CVSS 8.8, AI score 8.8, EPSS 0.00138
Exploits: 1, References: 2
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-6846

Malware in sbrugna...

CVSS 5.4, AI score 5.5, EPSS 0.00206
Exploits: 1, References: 2
CNNVD
added 2025/09/17 12:0 a.m., 1 views

NeuVector security vulnerability

NeuVector is an end-to-end container security platform from US-based NeuVector. The platform includes features such as image vulnerability management, access control and container process/filesystem protection. A security vulnerability exists in NeuVector versions 5.4.5 and earlier, which stems...

CVSS 9.8, AI score 6.7, EPSS 0.00098
Exploits: 0, References: 2
OSV
added 2025/09/08 2:13 p.m., 1 views

GO-2025-3918 NeuVector admin account has insecure default password in github.com/neuvector/neuvector

NeuVector admin account has insecure default password in github.com/neuvector/neuvector. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

CVSS 9.8, AI score 7, EPSS 0.00098
Exploits: 0, References: 1
SUSE CVE
added 2025/08/26 11:25 p.m., 1 views

SUSE CVE-2025-8077

A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in admin account. If this password is not changed immediately after deployment, any workload with network access within the cluster could use the default...

CVSS 9.8, AI score 7.1, EPSS 0.00098
Exploits: 0, References: 4
RedhatCVE
added 2025/05/23 3:37 a.m., 4 views

CVE-2023-30475

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot Sowersby, RelyWP WooCommerce Affiliate Plugin – Coupon Affiliates plugin <= 5.4.5 versions...

CVSS 7.1, AI score 5.9, EPSS 0.00104
Exploits: 0, References: 1
Positive Technologies
added 2025/01/02 12:0 a.m., 2 views

PT-2025-1527 · Unknown · Feedbackwp Kk Star Ratings

Name of the Vulnerable Software and Affected Versions: FeedbackWP kk Star Ratings versions through 5.4.5 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions through...

CVSS 5.3, AI score 9.4, EPSS 0.00208
Exploits: 0, References: 3
CNNVD
added 2025/01/02 12:0 a.m., 2 views

WordPress plugin kk Star Ratings security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 5.3, AI score 8.7, EPSS 0.00208
Exploits: 0, References: 1
vulnersOsv
added 2024/09/17 6:44 p.m., 3 views

1food-menu (=0.3.8), 2473-alex-ui (>=0.0.1 <=0.0.4-alpha.3) +4715 more potentially affected by CVE-2024-45811 via vite (>=5.4.0 <=5.4.5)

vite NPM version =5.4.0, =0.0.1, =0.0.1, =1.1.2, =0.1.1, =0.1.0, =5.0.0, =0.0.1-alpha.10, =0.0.4-alpha.5, =0.0.11, =0.0.5, =0.0.1, =1.0.0, =1.0.0, =1.1.1 and more Source cves: CVE-2024-45811 Source advisory: OSV:GHSA-9CWX-2883-4WFX...

CVSS 4.8, AI score 5.8, EPSS 0.00015
Exploits: 0
Prion
added 2024/03/06 5:15 p.m., 26 views

Cross site scripting

Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting (XSS) vulnerability...

AI score 5.6, EPSS 0.01117
Exploits: 0, References: 1
VulnCheck KEV
added 2023/12/03 12:0 a.m., 0 views

VulnCheck KEV: CVE-2021-27850

A critical unauthenticated remote code execution vulnerability was found in all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was...

CVSS 10, AI score 7.8, EPSS 0.94219
Exploits: 5, References: 1
Patchstack
added 2023/10/25 12:0 a.m., 9 views

WordPress kk Star Ratings Plugin <= 5.4.5 is vulnerable to Broken Access Control

Software: kk Star Ratings; Type: Plugin; Vulnerable versions: <= 5.4.5; Fixed in: 5.4.6; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-46639; Patch priority: Low; CVSS severity: Low (5.3); Developer: Claim ownership; PSID: f81ae2f458b9; Credits: Revan Arifio; Required privile...

AI score 6.6, EPSS 0.00208
Exploits: 0, References: 2, Affected Software: 1