CVE-2026-42266

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager allowedextensionsuris is not correctly enforced by JupyterLab. The Py...

CVE-2026-8008

Inappropriate implementation in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Low...

CVE-2026-22685

DevToys is a desktop app for developers. In versions from 2.0.0.0 to before 2.0.9.0, a path traversal vulnerability exists in the DevToys extension installation mechanism. When processing extension packages NUPKG archives, DevToys does not sufficiently validate file paths contained within the...

CVE-2026-22685

DevToys is a desktop app for developers. In versions from 2.0.0.0 to before 2.0.9.0, a path traversal vulnerability exists in the DevToys extension installation mechanism. When processing extension packages NUPKG archives, DevToys does not sufficiently validate file paths contained within the...

EUVD-2026-1873

DevToys is a desktop app for developers. In versions from 2.0.0.0 to before 2.0.9.0, a path traversal vulnerability exists in the DevToys extension installation mechanism. When processing extension packages NUPKG archives, DevToys does not sufficiently validate file paths contained within the...

CVE-2026-22685 DevToys Path Traversal (“Zip Slip”) Vulnerability in DevToys Extension Installation

DevToys is a desktop app for developers. In versions from 2.0.0.0 to before 2.0.9.0, a path traversal vulnerability exists in the DevToys extension installation mechanism. When processing extension packages NUPKG archives, DevToys does not sufficiently validate file paths contained within the...

CVE-2026-22685

CVE-2026-22685 describes a path traversal vulnerability in DevToys versions 2.0.0.0–2.0.8.x (before 2.0.9.0) affecting the extension installation mechanism. When processing NUPKG extension archives, the product does not adequately validate archive file paths, enabling crafted entries like ../../…...

CVE-2026-22685 DevToys Path Traversal (“Zip Slip”) Vulnerability in DevToys Extension Installation

DevToys is a desktop app for developers. In versions from 2.0.0.0 to before 2.0.9.0, a path traversal vulnerability exists in the DevToys extension installation mechanism. When processing extension packages NUPKG archives, DevToys does not sufficiently validate file paths contained within the...

CVE-2026-22685 DevToys Path Traversal (“Zip Slip”) Vulnerability in DevToys Extension Installation

DevToys is a desktop app for developers. In versions from 2.0.0.0 to before 2.0.9.0, a path traversal vulnerability exists in the DevToys extension installation mechanism. When processing extension packages NUPKG archives, DevToys does not sufficiently validate file paths contained within the...

PT-2026-2240

Name of the Vulnerable Software and Affected Versions DevToys versions 2.0.0.0 through 2.0.8.0 Description DevToys, a desktop application for developers, contains a path traversal flaw in its extension installation process. When handling extension packages NUPKG archives, the application...

DevToys 路径遍历漏洞

DevToys is a developer toolkit for DevToys open source. A path traversal vulnerability exists in DevToys version 2.0.0.0 through versions prior to 2.0.9.0, which stems from insufficient path validation in the extension installation mechanism, and could lead to arbitrary file overwriting and code...

EUVD-2011-3023

Malware in sbrugna...

EUVD-2017-14130

Malware in sbrugna...

EUVD-2019-3367

Malware in sbrugna...

EUVD-2025-6073

Malicious code in bioql PyPI...

CVE-2025-27645

Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Insecure Extension Installation by Trusting HTTP Permission Methods on the Server Side V-2024-005...

CVE-2025-27645

Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Insecure Extension Installation by Trusting HTTP Permission Methods on the Server Side V-2024-005...

CVE-2025-27645

Vasion Print formerly PrinterLogic before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Insecure Extension Installation by Trusting HTTP Permission Methods on the Server Side V-2024-005...

Vasion Print 安全漏洞

Vasion Print is a SaaS-based, cloud-hosted application from Vasion for managing and deploying printers. A security vulnerability exists in Vasion Print that stems from a server-side trust HTTP permission method leading to insecure extension installation...

CVE-2025-27645

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 and Application 20.0.2368 allows insecure extension installation by trusting HTTP permission methods on the server side. This vulnerability, CVE-2025-27645, is reported with a CVSS v3.1 base score of 9.8 (NETWORK, HIGH im...