20 matches found

OSV
added 2026/05/11 5:41 a.m. · 1 view

BIT-JUPYTER-BASE-NOTEBOOK-2026-40171 Jupyter Notebook and JupyterLab token theft via stored XSS in help command linker

In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...

CVSS 8.4 · AI score 6 · EPSS 0.00054
Exploits: 0 · References: 2

NVD
added 2026/05/06 8:16 p.m. · 1 view

CVE-2026-40171

In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...

CVSS 8.4 · EPSS 0.00054
Exploits: 0 · References: 1

Vulnrichment
added 2026/05/06 7:36 p.m. · 3 views

CVE-2026-40171 Jupyter Notebook and JupyterLab token theft via stored XSS in help command linker

In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...

CVSS 8.4 · AI score 6 · EPSS 0.00054
Exploits: 0 · References: 1

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2019-5095

Malware in sbrugna...

CVSS 4.3 · AI score 7.1 · EPSS 0.00236
Exploits: 0 · References: 7

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2025-18417

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 6.5 · EPSS 0.00168
Exploits: 1 · References: 3

CNNVD
added 2025/06/16 12:0 a.m. · 2 views

Google ChromeOS Security Vulnerability

Google ChromeOS is a Linux kernel-based operating system developed by Google. Google ChromeOS suffers from a privilege issue vulnerability. The vulnerability stems from a privilege bypass in extension management, which can be exploited by an attacker to disable extensions on ChromeOS and access...

CVSS 9.8 · AI score 6.9 · EPSS 0.00168
Exploits: 1 · References: 3

Positive Technologies
added 2024/09/12 12:0 a.m. · 2 views

PT-2024-39183 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.34.2. Description: A remote code execution (RCE) vulnerability exists via crafted extension publisher-url/additional-urls that could be abused by a malicious extension. This issue can be exploited to execute co...

CVSS 9.8 · AI score 7.9 · EPSS 0.03113
Exploits: 0 · References: 19

Positive Technologies
added 2024/09/12 12:0 a.m. · 3 views

PT-2024-39182 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.34.2. Description: A remote code execution vulnerability exists via crafted extension description or changelog, which could be exploited by a malicious extension. Recommendations: For Docker Desktop versions...

CVSS 9.8 · AI score 7.7 · EPSS 0.03113
Exploits: 0 · References: 20

Positive Technologies
added 2024/09/06 12:0 a.m. · 0 views

PT-2024-40302 · Jupyterlab +1 · @Jupyterlab/Mathjax-Extension +3

Name of the Vulnerable Software and Affected Versions: JupyterLite versions prior to 0.4.1. Description: The issue depends on user interaction by opening a malicious notebook with Markdown cells or a Markdown file using the JupyterLab preview feature. A malicious user can access any data accessibl...

CVSS 6.3 · AI score 7.2
Exploits: 0 · References: 4

OSV
added 2024/08/29 5:55 p.m. · 2 views

GHSA-9Q39-RMJ3-P4R2 HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering

Impact: The vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or a Markdown file using the JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user...

CVSS 8.8 · AI score 6 · EPSS 0.00428
Exploits: 0 · References: 5

SUSE CVE
added 2023/07/21 2:24 a.m. · 2 views

SUSE CVE-2023-37276

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only...

CVSS 7.5 · AI score 7 · EPSS 0.06131
Exploits: 1 · References: 3

OSV
added 2023/07/19 8:15 p.m. · 1 view

DEBIAN-CVE-2023-37276

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only...

CVSS 7.5 · AI score 6.2 · EPSS 0.06131
Exploits: 1 · References: 1

OSV
added 2023/07/19 8:15 p.m. · 0 views

UBUNTU-CVE-2023-37276

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only...

CVSS 7.5 · AI score 6.5 · EPSS 0.06131
Exploits: 1 · References: 6

The Hacker News
added 2023/07/10 12:57 p.m. · 2 views

New Mozilla Feature Blocks Risky Add-Ons on Specific Websites to Safeguard User Security

Mozilla has announced that some add-ons may be blocked from running on certain sites as part of a new feature called Quarantined Domains. "We have introduced a new back-end feature to only allow some extensions monitored by Mozilla to run on specific websites for various reasons, including securi...

AI score 6.3
Exploits: 0

RedHat Linux
added 2019/12/16 9:9 a.m. · 2 views

chromium-browser: Insufficient policy enforcement in extensions

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page...

CVSS 4.3 · AI score 7.4 · EPSS 0.01851
Exploits: 0 · References: 5

CNVD
added 2019/12/11 12:0 a.m. · 1 view

Google Chrome Input Validation Error Vulnerability (CNVD-2019-46431)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an input validation error vulnerability. An attacker can exploit this vulnerability to disable extensions via specially crafted HTML pages...

CVSS 4.3 · AI score 8.5 · EPSS 0.01851
Exploits: 0 · References: 1

OSV
added 2019/12/10 10:15 p.m. · 1 view

DEBIAN-CVE-2019-13755

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page...

CVSS 4.3 · AI score 6.5 · EPSS 0.01851
Exploits: 0 · References: 1

OSV
added 2019/12/10 10:15 p.m. · 0 views

UBUNTU-CVE-2019-13755

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page...

CVSS 4.3 · AI score 6.7 · EPSS 0.01851
Exploits: 0 · References: 4

OSV
added 2019/11/25 3:15 p.m. · 3 views

CVE-2019-13675

Insufficient data validation in extensions in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to disable extensions via a crafted HTML page...

CVSS 4.3 · AI score 8.5
Exploits: 0 · References: 2

CERT
added 2003/11/14 12:0 a.m. · 35 views

Microsoft FrontPage Server Extensions contains denial of service vulnerability in the SmartHTML interpreter

Overview: The Microsoft FrontPage Server Extensions contains a vulnerability that allows unauthenticated remote attackers to conduct denial of service attacks. Description: Microsoft FrontPage Server Extensions (FPSE) is an optional set of tools that adds functionality to a web site. This functionali...

CVSS 5 · AI score 6.4 · EPSS 0.50484
Exploits: 1 · References: 2