CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

33 matches found

AstraLinux•added 2026/05/03 11:59 p.m.•5 views

Astra Linux – Vulnerability in jupyter-notebook

The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions, untrusted notebooks may execute code upon loading. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be exploited to trigger XSS...

10CVSS8.8AI score0.02106EPSS

Exploits1References2

OSV•added 2026/05/02 12:0 p.m.•4 views

RUSTSEC-2026-0130 Out-of-bounds read/write in `Index` and `IndexMut` implementations

The Index and IndexMut implementations for Caja use unchecked pointer arithmetic without bounds validation. Creating a Caja with a small key and then accessing an out-of-range index causes out-of-bounds reads or writes beyond the allocated memory. This can be triggered through safe public APIs —...

5.8AI score

Exploits0References3

RustSec•added 2026/05/02 12:0 p.m.•9 views

Out-of-bounds read/write in `Index` and `IndexMut` implementations

5.8AI score

Exploits0Affected Software1

SUSE CVE•added 2024/07/10 4:19 a.m.•2 views

SUSE CVE-2021-32798

The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim...

9.6CVSS9.1AI score0.02106EPSS

Exploits1References4

OSV•added 2024/06/15 12:0 a.m.•7 views

OPENSUSE-SU-2024:11088-1 caja-extension-nextcloud-3.3.4-1.1 on GA media

These are all security issues fixed in the caja-extension-nextcloud-3.3.4-1.1 package on the GA media of openSUSE Tumbleweed...

8.8CVSS8.8AI score0.04698EPSS

Exploits1References1

OSV•added 2024/06/15 12:0 a.m.•3 views

OPENSUSE-SU-2024:13747-1 caja-engrampa-1.26.1-2.1 on GA media

These are all security issues fixed in the caja-engrampa-1.26.1-2.1 package on the GA media of openSUSE Tumbleweed...

9.6CVSS9.4AI score0.01652EPSS

Exploits1References1

OSV•added 2024/03/06 10:54 a.m.•22 views

BIT-JUPYTER-NOTEBOOK-2021-32798 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in notebook

10CVSS9.3AI score0.02106EPSS

Exploits1References3

OSV•added 2024/03/06 10:54 a.m.•21 views

BIT-JUPYTER-BASE-NOTEBOOK-2021-32798 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in notebook

10CVSS9.3AI score0.02106EPSS

Exploits1References3

The Hacker News•added 2023/01/05 2:55 p.m.•47 views

Blind Eagle Hackers Return with Refined Tools and Sophisticated Infection Chain

A financially motivated threat actor tracked as Blind Eagle has resurfaced with a refined toolset and an elaborate infection chain as part of its attacks targeting organizations in Colombia and Ecuador. Check Point's latest research offers new insights into the Spanish-speaking group's tactics an...

0.2AI score

Exploits0

Huntr•added 2022/05/01 6:1 p.m.•24 views

Arbitrary Code Execution through Sanitizer Bypass

Description The sanitizer function of the drawio core library which is responsible to sanitize various parts of a diagram of potentially dangerous HTML/JavaScript code can be bypassed. It is vulnerable to mutation XSS payloads, which allows escaping from the sanitizer. This allows arbitrary code...

6.8CVSS0.02225EPSS

Exploits1References1

BDU FSTEC•added 2022/04/01 12:0 a.m.•5 views

The vulnerability of the Caja component in the Jupyter Notebook document creation environment allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Caja component in the Jupyter Notebook document creation environment is related to improper filtering of special symbols. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

9.6CVSS7.7AI score0.02106EPSS

Exploits1References5Affected Software2

OpenVAS•added 2021/11/11 12:0 a.m.•17 views

Mozilla Firefox Security Advisory (MFSA2015-27) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

2.6CVSS9.5AI score0.01731EPSS

Exploits0References3