Jupyter多款产品 跨站脚本漏洞

Jupyter Notebook is an open-source web application developed by Project Jupyter, designed for creating and sharing code along with explanatory text documents. JupyterLab is another open-source project developed by JupyterLab, offering an extensible environment for interactive and reproducible...

a-mailx (=0.1.0), aaa-ml-datasets-course (=1.0.0) +105 more potentially affected by CVE-2026-40171 via notebook (>=7.0.0 <=7.5.5)

notebook PYPI version =7.0.0, =0.0.7, =1.0.1, =0.1.0, =1.6.4, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =0.1.8, =0.0.2, =0.0.6 - compare-my-stocks =1.0.5 and more Source cves: CVE-2026-40171 Source advisory: SNYK:PYTHON-NOTEBOOK-16347195...

CVE-2026-41242

protobufjs compiles protobuf definitions into JavaScript JS functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which will then execute during object decoding using that definition. Versions 8.0.1 and 7.5.5 patch the...

CVE-2026-41242 protobufjs has an arbitrary code execution issue

protobufjs compiles protobuf definitions into JavaScript JS functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which will then execute during object decoding using that definition. Versions 8.0.1 and 7.5.5 patch the...

CVE-2026-41242 protobufjs has an arbitrary code execution issue

protobufjs compiles protobuf definitions into JavaScript JS functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which will then execute during object decoding using that definition. Versions 8.0.1 and 7.5.5 patch the...

EUVD-2025-124903

Improper Authentication vulnerability in TYPO3 Extension "Modules" codingms/modules.This issue affects Extension "Modules": before 4.3.11, from 5.0.0 before 5.7.4, from 6.0.0 before 6.4.2, from 7.0.0 before 7.5.5...

CVE-2025-12998 Broken Authentication in extension “Modules” (modules)

Improper Authentication vulnerability in TYPO3 Extension "Modules" codingms/modules.This issue affects Extension "Modules": before 4.3.11, from 5.0.0 before 5.7.4, from 6.0.0 before 6.4.2, from 7.0.0 before 7.5.5...

CVE-2025-12998 Broken Authentication in extension “Modules” (modules)

Improper Authentication vulnerability in TYPO3 Extension "Modules" codingms/modules.This issue affects Extension "Modules": before 4.3.11, from 5.0.0 before 5.7.4, from 6.0.0 before 6.4.2, from 7.0.0 before 7.5.5...

PT-2025-46649

Name of the Vulnerable Software and Affected Versions TYPO3 Extension "Modules" versions prior to 4.3.11 TYPO3 Extension "Modules" versions 5.0.0 through 5.7.3 TYPO3 Extension "Modules" versions 6.0.0 through 6.4.1 TYPO3 Extension "Modules" versions 7.0.0 through 7.5.4 Description An improper...

Virtuozzo Hybrid Server 7.5 Update 5 Hotfix 3 (7.5.5-293)

The Hotfix 3 for Virtuozzo Hybrid Server 7.5 Update 5 provides a security bug fix. Vulnerability id: PSBM-153331 A critical security issue in container suspend/resume in the Virtuozzo Hybrid Server 7.5. Update 5 version...

WordPress Directorist Plugin <= 7.5.4 is vulnerable to Broken Access Control

Software Directorist Type Plugin Vulnerable versions = 7.5.4 Fixed in 7.5.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-1889 Patch priority High CVSS severity High 7.2 Developer Claim ownership PSID 3d986c80db6c Credits Alex Thomas Required privilege...

AirDisk 7.5.5 Cross Site Scripting

Exploit Title: AirDisk 7.5.5 File Manager Stored XSS Date: Sep 8, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://apps.apple.com/us/developer/felix-yew/id505904424 Software Link: https://apps.apple.com/us/app/airdisk-file-manager/id566530748 Version: 7.5.5 Tested on: iPhone ios 15.6 ...

Security Bulletin: App Connect Professional & IBM WebSphere Cast Iron Solution are affected by axios vulnerability

Summary App Connect Professional & IBM WebSphere Cast Iron Solution have addressed the following vulnerability reported in axios. Vulnerability Details CVEID: CVE-2021-3749 DESCRIPTION: axios is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the...

CVE-2018-2877

Vulnerability in the MySQL Cluster component of Oracle MySQL subcomponent: Cluster: ndbcluster/plugin. Supported versions that are affected are 7.2.27 and prior, 7.3.16 and prior, 7.4.14 and prior and 7.5.5 and prior. Easily exploitable vulnerability allows low privileged attacker with logon to t...

HP/HPE System Management Homepage (SMH) Multiple Vulnerabilities (HPSBMU03593)

HP/HPE System Management Homepage SMH is prone to multiple vulnerabilities. Copyright C 2016 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...

CVE-2009-3595

SQL injection vulnerability in results.php in VS PANEL 7.5.5 allows remote attackers to execute arbitrary SQL commands via the CatID parameter, a different vector than CVE-2009-3590...

CVE-2009-3595

SQL injection vulnerability in results.php in VS PANEL 7.5.5 allows remote attackers to execute arbitrary SQL commands via the CatID parameter, a different vector than CVE-2009-3590...

CVE-2009-3595

CVE-2009-3595: SQL injection in VS PANEL 7.5.5 via Cat_ID in results.php allows remote execution of arbitrary SQL commands. Affected product: VS PANEL (version 7.5.5 noted in the description); vector: HTTP parameter Cat_ID; root cause: improper input handling leading to injection. Connected recor...

jetAudio 7.5.5 plus vx - .M3U.ASX.WAX.WVX Local Crash (PoC)

jetAudio 7.5.5 plus vx - .M3U.ASX.WAX.WVX Local Crash PoC !/usr/bin/env python JetAudio 7.5.3.15 Local Crash PoC Found By: DrIDE Download: http://www.cowonamerica.com/download/ Tested on Windows XP SP2 Crash occurs in msvcr90.dll which is included with this version of the program. buff = "http://...

jetAudio 7.5.5 plus vx - &#039;.M3U&#039;/&#039;.ASX&#039;/&#039;.WAX&#039;/&#039;.WVX&#039; Local Crash (PoC)

!/usr/bin/env python JetAudio 7.5.3.15 Local Crash PoC Found By: DrIDE Download: http://www.cowonamerica.com/download/ Tested on Windows XP SP2 Crash occurs in msvcr90.dll which is included with this version of the program. buff = "http://" + "\x41" 8000; print " - Creating payload."; f1 =...