1255 matches found

Vulnrichment
added 2025/02/12 8:31 p.m., 6 views

CVE-2024-12673

An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system. This vulnerability only affects Vantage installed on these devices: Lenovo V Series Gen 5 ThinkBook 14...

CVSS 8.5, AI score 7.6, EPSS 0.00073
Exploits: 0, References: 1

OSV
added 2025/02/07 3:15 p.m., 0 views

UBUNTU-CVE-2024-10383

An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343 and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6,...

CVSS 8.7, AI score 5.7, EPSS 0.00431
Exploits: 0, References: 4

OSV
added 2025/02/07 2:12 p.m., 1 views

CVE-2024-10383 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab VSCode Fork

An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343 and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6,...

CVSS 8.7, AI score 5.9, EPSS 0.00431
Exploits: 0, References: 4

RedhatCVE
added 2025/02/05 9:35 p.m., 4 views

CVE-2022-24758

The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by...

CVSS 7.5, AI score 6.4, EPSS 0.00567
Exploits: 0, References: 1

RedhatCVE
added 2025/02/05 8:16 p.m., 13 views

CVE-2022-4020

Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable...

CVSS 8.2, AI score 6.8, EPSS 0.00141
Exploits: 0, References: 1

RedhatCVE
added 2025/02/05 3:57 a.m., 5 views

CVE-2024-27132

Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables...

CVSS 9.6, AI score 6.1, EPSS 0.00243
Exploits: 1, References: 1

RedhatCVE
added 2025/02/05 3:45 a.m., 7 views

CVE-2024-27133

Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields...

CVSS 9.6, AI score 5.9, EPSS 0.00204
Exploits: 1, References: 1

vulnersOsv
added 2025/02/03 5:56 p.m., 3 views

com.github.alexmojaki:s3-stream-upload (=1.0), com.hotels:circus-train-common-test (=10.0.0) +1 more potentially affected by CVE-2025-24961 via org.gaul:s3proxy (>=1.4.0 <=1.6.1)

org.gaul:s3proxy MAVEN version =1.4.0, =0.9.0-preview1, =0.9.0-preview2 Source cves: CVE-2025-24961 Source advisory: OSV:GHSA-2CCP-VQMV-4R4X...

CVSS 6, AI score 5.8, EPSS 0.0035
Exploits: 0

NVD
added 2025/01/21 8:15 p.m., 10 views

CVE-2023-45908

Homarr before v0.14.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notebook widget...

CVSS 6.1, EPSS 0.00245
Exploits: 0, References: 3

OSV
added 2025/01/21 8:15 p.m., 4 views

CVE-2023-45908

Homarr before v0.14.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notebook widget...

CVSS 6.1, AI score 5.9, EPSS 0.00245
Exploits: 0, References: 3

CVE
added 2025/01/21 12:0 a.m., 46 views

CVE-2023-45908

CVE-2023-45908 affects Homarr prior to v0.14.0, with a stored XSS vulnerability via the Notebook widget. The issue is described consistently across sources (NVD/Red Hat/CNNVD/OSV, etc.) as a stored XSS in the Notebook widget that could impact user-provided content; CVSS v3.1 base score 6.1 (Mediu...

CVSS 6.1, AI score 6.1, EPSS 0.00245
Exploits: 0, References: 3

CNNVD
added 2025/01/21 12:0 a.m., 3 views

homarr cross-site scripting vulnerability

homarr is a customizable browser homepage by Thomas Camlong, an individual developer, that is used to interact with Docker containers on the main server. A security vulnerability exists in homarr versions prior to v0.14.0 that stems from the inclusion of a stored cross-site scripting (XSS)...

CVSS 6.1, AI score 5.5, EPSS 0.00245
Exploits: 0, References: 4

Positive Technologies
added 2025/01/21 12:0 a.m., 4 views

PT-2025-1498 · Homarr · Homarr

Name of the Vulnerable Software and Affected Versions: Homarr versions prior to 0.14.0
Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. This vulnerability can be exploited via the Notebook widget.
Recommendations: For versions prior to 0.14.0, update to versio...

CVSS 6.1, AI score 5.8, EPSS 0.00245
Exploits: 0, References: 7

Fedora
added 2024/12/20 12:38 p.m., 14 views

[SECURITY] Fedora 40 Update: jupyterlab-4.3.3-1.fc40

JupyterLab is the next-generation user interface for Project Jupyter offering all the familiar building blocks of the classic Jupyter Notebook (notebook, terminal, text editor, file browser, rich outputs, etc.) in a flexible and powerful user interface...

CVSS 4.3, AI score 6.6, EPSS 0.00107
Exploits: 0

Fedora
added 2024/12/17 4:4 a.m., 29 views

[SECURITY] Fedora 40 Update: python-notebook-7.3.1-1.fc40

The Jupyter Notebook is a web application that allows you to create and share documents that contain live code, equations, visualizations, and explanatory text. The Notebook has support for multiple programming languages, sharing, and interactive widgets...

CVSS 6.1, AI score 6.5, EPSS 0.00172
Exploits: 1

Fedora
added 2024/12/17 4:4 a.m., 12 views

[SECURITY] Fedora 40 Update: jupyterlab-4.3.2-1.fc40

JupyterLab is the next-generation user interface for Project Jupyter offering all the familiar building blocks of the classic Jupyter Notebook (notebook, terminal, text editor, file browser, rich outputs, etc.) in a flexible and powerful user interface...

CVSS 6.1, AI score 6.5, EPSS 0.00172
Exploits: 1

Fedora
added 2024/12/17 4:1 a.m., 13 views

[SECURITY] Fedora 41 Update: python-notebook-7.3.1-1.fc41

The Jupyter Notebook is a web application that allows you to create and share documents that contain live code, equations, visualizations, and explanatory text. The Notebook has support for multiple programming languages, sharing, and interactive widgets...

CVSS 6.1, AI score 6.8, EPSS 0.00172
Exploits: 1

Tenable Nessus
added 2024/12/17 12:0 a.m., 11 views

Fedora 40 : jupyterlab / python-notebook (2024-c4377d35e6)

The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-c4377d35e6 advisory. New jupyterlab and notebook fixing security vulnerabilities. Tenable has extracted the preceding description block directly from the Fedora security...

CVSS 6.1, AI score 6.8, EPSS 0.00172
Exploits: 1, References: 3

Tenable Nessus
added 2024/12/17 12:0 a.m., 9 views

Fedora 41 : jupyterlab / python-notebook (2024-d335b971e7)

The remote Fedora 41 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-d335b971e7 advisory. New jupyterlab and notebook fixing security vulnerabilities. Tenable has extracted the preceding description block directly from the Fedora security...

CVSS 6.1, AI score 6.8, EPSS 0.00172
Exploits: 1, References: 3

OpenVAS
added 2024/12/17 12:0 a.m., 18 views

Fedora: Security Advisory (FEDORA-2024-c4377d35e6)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 6.1, AI score 7.5, EPSS 0.00172
Exploits: 1, References: 6