
37 matches found

OSV
added 2026/05/18 1:48 p.m., 4 views

CLEANSTART-2026-CS02869 Security fixes for CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33186, CVE-2026-33810, ghsa-p77j-4mvh-x3m3 applied in versions: 2.18.0-r0, 2.18.0-r1, 2.18.0-r2

Multiple security vulnerabilities affect the kubernetes-csi-livenessprobe-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 9.8 | AI score 7.2 | EPSS 0.00044
Exploits: 1 | References: 26
SUSE CVE
added 2026/05/07 2:25 a.m., 6 views

SUSE CVE-2025-61669

Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in LoginFormHandler._redirect_safe, which allows redirects to arbitrary external domains via values such as ///example.com. An...

CVSS 6.1 | AI score 5.9 | EPSS 0.00015
Exploits: 1 | References: 3
Tenable Nessus
added 2026/05/06 12:0 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-40934

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a...

CVSS 7.6 | AI score 5.6 | EPSS 0.00023
Exploits: 1 | References: 3
OSV
added 2026/05/05 10:16 p.m., 3 views

PYSEC-2026-69

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runtime/jupyter_cookie_secret and is never rotated when a user changes their password. After a password...

CVSS 6.8 | AI score 5.7 | EPSS 0.00023
Exploits: 1 | References: 1
Vulnrichment
added 2026/05/05 9:31 p.m., 4 views

CVE-2026-40934 jupyter-server authentication cookies remain valid after password reset due to static cookie secret

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runtime/jupyter_cookie_secret and is never rotated when a user changes their password. After a password...

CVSS 7.6 | AI score 5.7 | EPSS 0.00023
Exploits: 1 | References: 1
Debian CVE
added 2026/05/05 9:31 p.m., 4 views

CVE-2026-40934

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runtime/jupyter_cookie_secret and is never rotated when a user changes their password. After a password...

CVSS 7.6 | AI score 5.8 | EPSS 0.00023
Exploits: 1
CVE
added 2026/05/05 9:31 p.m., 13 views

CVE-2026-40934

CVE-2026-40934 affects Jupyter Server up to version 2.17.0, where the signing secret for authentication cookies is stored at ~/.local/share/jupyter/runtime/jupyter_cookie_secret and is never rotated on password changes. After a password reset and server restart, previously issued cookies remain c...

CVSS 7.6 | AI score 5.8 | EPSS 0.00023
Exploits: 1 | References: 1 | Affected Software: 1
AlpineLinux
added 2026/05/05 9:29 p.m., 8 views

CVE-2026-40110

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match to check incoming origins against the allow_origin_pat configuration value. Because re.match only anchors at the start of the string and does not require a...

CVSS 7.6 | AI score 5.8 | EPSS 0.00015
Exploits: 0
PyPA
added 2026/05/05 8:16 p.m., 10 views

PYSEC-2026-68

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_dir and access sibling directories whose names begin with the same prefix as the root_dir. For exampl...

CVSS 8.8 | AI score 5.8 | EPSS 0.00051
Exploits: 2 | References: 1 | Affected Software: 1
Vulnrichment
added 2026/05/05 7:37 p.m., 3 views

CVE-2026-35397 jupyter-server path traversal allows access to sibling directories sharing root_dir name prefix

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_dir and access sibling directories whose names begin with the same prefix as the root_dir. For exampl...

CVSS 7.6 | AI score 5.8 | EPSS 0.00051
Exploits: 2 | References: 1
Cvelist
added 2026/05/05 3:28 p.m., 31 views

CVE-2025-61669 jupyter_server next parameter open redirect can redirect users to external domains

Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in LoginFormHandler._redirect_safe, which allows redirects to arbitrary external domains via values such as ///example.com. An...

CVSS 6.3 | EPSS 0.00015
Exploits: 1 | References: 1
Positive Technologies
added 2026/05/05 12:0 a.m., 4 views

PT-2026-37234

Name of the Vulnerable Software and Affected Versions: Jupyter Server versions prior to 2.18.0. Description: Origin header validation uses the re.match function to check incoming origins against the allow_origin_pat configuration value. Because re.match only anchors at the start of the string and do...

CVSS 7.6 | AI score 5.8 | EPSS 0.00015
Exploits: 0 | References: 15
Positive Technologies
added 2026/05/05 12:0 a.m., 5 views

PT-2026-37241

Name of the Vulnerable Software and Affected Versions: Jupyter Server versions prior to 2.18.0. Description: The secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runtime/jupyter_cookie_secret and is not rotated when a user changes their password...

CVSS 7.6 | AI score 5.8 | EPSS 0.00023
Exploits: 1 | References: 15
OSV
added 2026/04/29 9:22 p.m., 2 views

GHSA-R4V6-9FQC-W5JR n8n's Credential Authorization Bypass in dynamic-node-parameters Allows Foreign API Key Replay

Impact: The dynamic-node-parameters endpoints did not verify whether the authenticated caller was authorized to use a supplied credential reference. An authenticated user with access to a shared workflow could supply a foreign credential ID in the request body, causing the backend to decrypt and u...

CVSS 8.5 | AI score 5.9 | EPSS 0.00064
Exploits: 0 | References: 3
OSV
added 2026/03/13 12:0 a.m., 1 views

OPENSUSE-SU-2026:10369-1 skaffold-2.18.0-1.1 on GA media

These are all security issues fixed in the skaffold-2.18.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 8 | AI score 5.8 | EPSS 0.00023
Exploits: 0 | References: 1
OSV
added 2026/01/22 4:8 p.m., 0 views

SUSE-SU-2026:0254-1 Security update for log4j

This update for log4j fixes the following issues: Security fixes: - CVE-2025-68161: Fixed absent TLS hostname verification that may allow a man-in-the-middle attack (bsc#1255427) Other fixes: - Upgrade to 2.18.0 Added + Add support for Jakarta Mail API in the SMTP appender. + Add support for custom...

CVSS 6.3 | AI score 5.7 | EPSS 0.00029
Exploits: 1 | References: 3
RedhatCVE
added 2026/01/09 9:34 a.m., 6 views

CVE-2024-41603

Spina CMS v2.18.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the URI /admin/layout...

CVSS 9.6 | AI score 9.5 | EPSS 0.00152
Exploits: 0 | References: 1
Vulnrichment
added 2025/12/08 12:15 p.m., 3 views

CVE-2025-42620 CSRF vulnerability in CIRCL Vulnerability-Lookup

In affected versions, vulnerability-lookup handled user-controlled content in comments and bundles in an unsafe way, which could lead to stored Cross-Site Scripting (XSS). On the backend, the related_vulnerabilities field of bundles accepted arbitrary strings without format validation or proper...

CVSS 8.3 | AI score 5.7 | EPSS 0.0005
Exploits: 0 | References: 1
OSV
added 2025/10/05 11:59 p.m., 4 views

BIT-TENSORFLOW-2025-55556

TensorFlow v2.18.0 was discovered to output random results when compiling Embedding, leading to unexpected behavior in the application...

CVSS 6.5 | AI score 7.2 | EPSS 0.00032
Exploits: 1 | References: 3
Positive Technologies
added 2025/09/30 12:0 a.m., 3 views

PT-2025-39941

Name of the Vulnerable Software and Affected Versions: GutenBee – Gutenberg Blocks plugin for WordPress versions prior to 2.18.1. Description: The GutenBee – Gutenberg Blocks plugin for WordPress is susceptible to Stored Cross-Site Scripting through parameters in the CountUp and Google Maps Blocks...

CVSS 6.4 | AI score 5.3 | EPSS 0.00035
Exploits: 0 | References: 4