396 matches found
PYSEC-2026-69
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at /.local/share/jupyter/runtime/jupytercookiesecret and is never rotated when a user changes their password. After a password...
DEBIAN-CVE-2026-40934
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at /.local/share/jupyter/runtime/jupytercookiesecret and is never rotated when a user changes their password. After a password...
CVE-2026-40934
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at /.local/share/jupyter/runtime/jupytercookiesecret and is never rotated when a user changes their password. After a password...
CVE-2026-40934
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at /.local/share/jupyter/runtime/jupytercookiesecret and is never rotated when a user changes their password. After a password...
CVE-2026-40934
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at /.local/share/jupyter/runtime/jupytercookiesecret and is never rotated when a user changes their password. After a password...
GHSA-5MRQ-X3X5-8V8F Jupyter Server's Authentication Cookies Remain Valid After Password Reset and Server Restart
Summary A persistent cookie secret vulnerability allows authenticated users to maintain indefinite access even after password changes. The cookie secret used to sign authentication cookies is stored in a permanent file /.local/share/jupyter/runtime/jupytercookiesecret that is never automatically...
Jupyter Server 代码问题漏洞
Jupyter Server is an application developed by the Jupyter organization that provides backend services for Jupyter web applications. Jupyter Server versions 2.17.0 and earlier have code vulnerabilities. These vulnerabilities stem from the persistence of the key used for signing authentication...
CVE-2026-39462 SenseLive X3050 Insufficiently Protected Credentials
A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the interface may indicate that...
CVE-2026-39462
A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the interface may indicate that...
PT-2026-34808
A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the interface may indicate that...
GHSA-XW5C-JC7X-GF75 PAC4J has a Cross-Site Request Forgery (CSRF) Vulnerability
PAC4J is vulnerable to Cross-Site Request Forgery CSRF. A malicious attacker can craft a specially designed website which, when visited by a user, will automatically submit a forged cross-site request with a token whose hash collides with the victim's legitimate CSRF token. Importantly, the...
Denial Of Service (DoS)
Apache Cassandra is vulnerable to Denial Of Service DoS. The vulnerability is due to inefficient handling of repeated password change operations, which allows an attacker to trigger increased query latency and degrade system performance...
EUVD-2026-19769
Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes. Users are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue...
Apache Cassandra has an authenticated DoS over CQL
Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes. Users are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue...
Improper Control of Interaction Frequency
Overview org.apache.cassandra:cassandra-all is a maven plugin for the Apache Cassandra Project. Which, develops a highly scalable second-generation distributed database, bringing together Dynamo's fully distributed design and Bigtable's ColumnFamily-based data model. Affected versions of this...
CVE-2026-32588
Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes. Users are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue...
CVE-2026-32588
Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes. Users are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue...
CVE-2026-32588 Apache Cassandra: Authenticated DoS via ALTER ROLE Password Hashing
Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes. Users are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue...
CVE-2026-32588 Apache Cassandra: Authenticated DoS via ALTER ROLE Password Hashing
Authenticated DoS over CQL in Apache Cassandra 4.0, 4.1, 5.0 allows authenticated user to raise query latencies via repeated password changes. Users are recommended to upgrade to version 4.0.20, 4.1.11, 5.0.7, which fixes this issue...
Apache Cassandra 安全漏洞
Apache Cassandra is a distributed NoSQL database developed by the Apache Foundation in the United States. There are security vulnerabilities in Apache Cassandra versions 4.0, 4.1, and 5.0. These vulnerabilities allow authenticated users to increase query latency by repeatedly changing passwords,...