941 matches found
OESA-2026-2195 python-nbconvert security update
The nbconvert tool, jupyter nbconvert, converts notebooks to various other formats via Jinja templates. The nbconvert tool allows you to convert an .ipynb notebook file into various static formats including HTML, LaTeX, PDF, Reveal JS, Markdown md, ReStructured Text rst and executable script...
Bitwarden CLI 操作系统命令注入漏洞
Bitwarden CLI is a command-line password management tool provided by Bitwarden Corporation. Version 2026.4.0 of Bitwarden CLI contains a vulnerability related to operating system command injection, which stems from the embedding of malicious code when retrieving it via npm...
CVE-2026-41305
A flaw was found in PostCSS. This vulnerability allows a remote attacker to perform Cross-Site Scripting XSS by submitting specially crafted CSS. When PostCSS processes and re-stringifies this CSS for embedding within HTML sequences. This oversight enables the injected...
CVE-2026-41305 PostCSS has XSS via Unescaped </style> in its CSS Stringify Output
PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML tags, in CSS...
EUVD-2026-25383
PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML tags, in CSS...
CVE-2026-41305 PostCSS has XSS via Unescaped </style> in its CSS Stringify Output
PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML tags, in CSS...
CVE-2026-41305
PostCSS (driver: CSS AST stringify) has an XSS risk in versions prior to 8.5.10 due to unescaped sequences when embedding user CSS into HTML tags. The issue arises when CSS is parsed into an AST and then re-stringified for embedding. Version 8.5.10 fixes the problem. Affected products: PostCSS;...
Text Steganography with Dynamic Codebook and Multimodal Large Language Model
With the popularity of the large language models LLMs, text steganography has achieved remarkable performance. However, existing methods still have some issues: 1 For the white-box paradigm, this steganography behavior is prone to exposure due to sharing the off-the-shelf language model between...
Adaptive Instruction Composition for Automated LLM Red-Teaming
Many approaches to LLM red-teaming leverage an attacker LLM to discover jailbreaks against a target. Several of them task the attacker with identifying effective strategies through trial and error, resulting in a semantically limited range of successes. Another approach discovers diverse attacks ...
CVE-2026-40925 WWBN AVideo has CSRF in configurationUpdate.json.php Enables Full Site Configuration Takeover Including Encoder URL and SMTP Credentials
WWBN AVideo is an open source video platform. In versions 29.0 and prior, objects/configurationUpdate.json.php also routed via /updateConfig persists dozens of global site settings from $POST but protects the endpoint only with User::isAdmin. It does not call forbidIfIsUntrustedRequest, does not...
EUVD-2026-24025
nbconvert has an Arbitrary File Read via Path Traversal in HTMLExporter Image Embedding...
GHSA-7JQV-FW35-GMX9 nbconvert has an Arbitrary File Read via Path Traversal in HTMLExporter Image Embedding
Summary When HTMLExporter.embedimages=True, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook can exfiltrate sensitive files from the conversion host by embedding them as base64 data URIs in the output HTML. Patches Upgrade to...
CVE-2026-39378 nbconvert has an Arbitrary File Read via Path Traversal in HTMLExporter Image Embedding
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when HTMLExporter.embedimages=True, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook...
CVE-2026-39378 nbconvert has an Arbitrary File Read via Path Traversal in HTMLExporter Image Embedding
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when HTMLExporter.embedimages=True, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook...
CVE-2026-39378
The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when HTMLExporter.embedimages=True, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook...
Linux Distros Unpatched Vulnerability : CVE-2026-39378
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when...
External Control of File Name or Path
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to External Control of File Name or Path via improper validation of file paths in the media embedding. An attacker can access arbitrary files on the host system or trigger network credential...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through incomplete sanitization of the README rendering process in the marketplace UI. An attacker can execute arbitrary scripts in the Electron context with full application privileges by embedding an iframe ta...
Half-Moon Cookie: Private, Similarity-Based Blocklisting with TOCTOU-Attack Resilience
Blocklisting is a common technique for preventing the use of known malicious content. However, conventional blocklisting infrastructures require either the blocklist to be public or clients to reveal their queries to the blocklist server. In this work, we introduce a private blocklisting framewor...
VeriCWEty: Embedding Enabled Line-Level CWE Detection in Verilog
Large Language Models LLMs have shown significant improvement in RTL code generation. Despite the advances, the generated code is often riddled with common vulnerabilities and weaknesses CWEs that can slip by untrained eyes. Attackers can often exploit these weaknesses to fulfill their nefarious...