17 matches found
BIT-JUPYTER-BASE-NOTEBOOK-2026-42557 jupyterlab: Command linker attributes in HTML enable one-click command execution from untrusted content
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all cli...
UBUNTU-CVE-2026-39373
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing patch for CVE-2024-28102 limits input token size to 250KB but does not validate th...
CVE-2026-30579
File Thingie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A malicious user can leverage the "upload file" functionality to upload a file with a crafted file name used to trigger a JavaScript payload...
EUVD-2026-12021
Missing Authorization vulnerability in Really Simple Plugins Really Simple SSL (really-simple-ssl) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Really Simple SSL: from n/a through <= 9.5.7...
WordPress ShopMagic plugin <= 4.5.6 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Legion Hunter in WordPress Plugin ShopMagic (versions <= 4.5.6)...
EUVD-2025-32527
Improper Encoding or Escaping of Output vulnerability in Logo Software Inc. Logo Cloud allows Phishing. This issue affects Logo Cloud: before 2.57...
State-Sponsored Hackers Exploiting Libraesva Email Security Gateway Vulnerability
Libraesva has released a security update to address a vulnerability in its Email Security Gateway (ESG) solution that it said has been exploited by state-sponsored threat actors. The vulnerability, tracked as CVE-2025-59689, carries a CVSS score of 6.1, indicating medium severity. "Libraesva ESG i...
WordPress plugin Doliconnect Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site...
CVE-2024-4004
The Advanced Cron Manager WordPress plugin before 2.5.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
CVE-2025-31043 WordPress JetSearch plugin <= 3.5.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetSearch (jet-search) allows DOM-Based XSS. This issue affects JetSearch: from n/a through <= 3.5.7...
PT-2025-2818 · Fortinet · Fortisoar Imap Connector
Name of the Vulnerable Software and Affected Versions: FortiSOAR IMAP connector versions 3.5.7 and below Description: The issue is related to an improper neutralization of special elements used in an OS command, which may allow an authenticated attacker to execute unauthorized code or commands vi...
CVE-2024-43295
Cross-Site Request Forgery (CSRF) vulnerability in Passionate Programmers B.V. WP Data Access. This issue affects WP Data Access: from n/a through 5.5.7...
VulnCheck KEV: CVE-2024-38706
Path Traversal: '.../...//' vulnerability in DevItems HT Mega (ht-mega-for-elementor). This issue affects HT Mega: from n/a through <= 2.5.7...
BigTree CMS Cross-Site Scripting Vulnerability (CNVD-2023-93329)
BigTree CMS is a content management system. A cross-site scripting vulnerability exists in BigTree CMS version v4.5.7, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by a remote attacker to execute arbitrary code via ID...
FusionPBX Cross-Site Scripting Vulnerability (CNVD-2019-36989)
FusionPBX is a scalable, multi-threaded communications platform. The platform can be used as a call center server, fax server, VOIP server, voicemail server, conference server and voice application server. A cross-site scripting vulnerability exists in FusionPBX 4.5.7 and prior versions. The...
Zoho ManageEngine ADManager Plus Cross-Site Scripting Vulnerability
ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...
MODX Revolution Directory Traversal Vulnerability (CNVD-2017-06899)
MODX Revolution is a PHP-based open source content management system (CMS) from the U.S. company MODX. The system supports online collaboration, search engine optimization (SEO), add-ons and more. A directory traversal vulnerability exists in MODX Revolution version 2.5.7. The vulnerability arises du...