29 matches found

OSV
added 2026/05/15 8:42 a.m. · 1 view

BIT-JUPYTER-NOTEBOOK-2026-42557 jupyterlab: Command linker attributes in HTML enable one-click command execution from untrusted content

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all cli...

9.6 CVSS · 6.4 AI score · 0.00061 EPSS
Exploits 0 · References 2

OSV
added 2026/05/13 4:16 p.m. · 2 views

UBUNTU-CVE-2026-42557

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all cli...

9.6 CVSS · 6.3 AI score · 0.00061 EPSS
Exploits 0 · References 3

Cvelist
added 2026/05/13 3:8 p.m. · 28 views

CVE-2026-42266 JupyterLab has an Extension Manager API/GUI Policy Discrepancy allowing 3rd party (malicious) extensions install via POST request.

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager allowedextensionsuris is not correctly enforced by JupyterLab. The Py...

8.8 CVSS · 0.00029 EPSS
Exploits 0 · References 4

ATTACKERKB
added 2026/05/13 3:8 p.m. · 2 views

CVE-2026-42266

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager allowedextensionsuris is not correctly enforced by JupyterLab. The Py...

8.8 CVSS · 5.8 AI score · 0.00029 EPSS
Exploits 0 · References 5 · Affected Software 1

OSV
added 2026/05/11 12:0 a.m. · 3 views

OPENSUSE-SU-2026:10748-1 jupyter-jupyterlab-4.5.7-1.1 on GA media

These are all security issues fixed in the jupyter-jupyterlab-4.5.7-1.1 package on the GA media of openSUSE Tumbleweed...

9.6 CVSS · 5.8 AI score · 0.00061 EPSS
Exploits 0 · References 3

Vulnrichment
added 2026/02/24 5:12 p.m. · 2 views

CVE-2026-27468 Mastodon may allow unconfirmed FASP to make subscriptions

Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, actions performed by a FASP to subscribe to account/content lifecycle events or to backfill content...

8.3 CVSS · 6 AI score · 0.00062 EPSS
Exploits 0 · References 2

Positive Technologies
added 2026/02/24 12:0 a.m. · 6 views

PT-2026-21779

Name of the Vulnerable Software and Affected Versions: Mastodon versions 4.4.0 through 4.4.13; Mastodon versions 4.5.0 through 4.5.6. Description: Mastodon is a free, open-source social network server based on ActivityPub. The issue relates to FASP (Federated Actor Subscription Protocol) registration,...

8.3 CVSS · 5.3 AI score · 0.00062 EPSS
Exploits 0 · References 11

OSV
added 2026/02/04 2:16 a.m. · 3 views

CVE-2025-69620

A path traversal in Moo Chan Song v4.5.7 allows attackers to cause a Denial of Service (DoS) via writing files to the internal storage...

5 CVSS · 5.8 AI score
Exploits 0 · References 4

CNNVD
added 2026/02/04 12:0 a.m. · 4 views

nTools Office Reader - PDF,Word,Excel Security Vulnerability

nTools Office Reader – PDF, Word, Excel is a document reading application developed by nTools Corporation. The version 4.5.7 of nTools Office Reader – PDF, Word, Excel contains a security vulnerability. This vulnerability stems from path traversal vulnerabilities, which may lead to...

5 CVSS · 5.8 AI score · 0.00007 EPSS
Exploits 1 · References 5

CVE
added 2026/02/04 12:0 a.m. · 8 views

CVE-2025-69620

CVE-2025-69620 describes a path traversal in Moo Chan Song v4.5.7 that can cause a Denial of Service by writing files to internal storage. Affected software: Moo Chan Song 4.5.7. Root cause: path traversal leading to DoS. Impact: denial of service as stated. Exploitation/availability impact: avai...

5 CVSS · 5.4 AI score · 0.00007 EPSS
Exploits 1 · References 4 · Affected Software 1

Cvelist
added 2026/02/04 12:0 a.m. · 27 views

CVE-2025-69620

A path traversal in Moo Chan Song v4.5.7 allows attackers to cause a Denial of Service (DoS) via writing files to the internal storage...

0.00007 EPSS
Exploits 1 · References 4

CNNVD
added 2026/01/16 12:0 a.m. · 2 views

WordPress Plugin All-in-One Video Gallery Code Issues and Vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

8.8 CVSS · 6.1 AI score · 0.00061 EPSS
Exploits 0 · References 2

RedhatCVE
added 2026/01/07 9:32 a.m. · 7 views

CVE-2019-16972

In FusionPBX up to 4.5.7, the file app\contacts\contactaddresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS...

6.1 CVSS · 6.8 AI score · 0.00328 EPSS
Exploits 0 · References 1

RedhatCVE
added 2026/01/07 9:30 a.m. · 6 views

CVE-2019-16977

In FusionPBX up to 4.5.7, the file app\extensions\extensionimports.php uses an unsanitized "querystring" variable coming from the URL, which is reflected in HTML, leading to XSS...

6.1 CVSS · 6.8 AI score · 0.00328 EPSS
Exploits 0 · References 1

Snyk
added 2025/10/23 11:46 a.m. · 1 view

Incorrect Authorization

Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Incorrect Authorization due to the insufficient enrolment validation in quiz notifications. An attacker can obtain limited course information by receiving quiz-related messages intended for active...

5.3 CVSS · 6.7 AI score · 0.00051 EPSS
Exploits 0 · References 2

Snyk
added 2025/10/23 11:46 a.m. · 4 views

Exposure of Information Through Directory Listing

Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Exposure of Information Through Directory Listing due to the improper error handling. An attacker can gain unauthorized access to internal directory structures by sending crafted HTTP with absent...

6.9 CVSS · 6.9 AI score · 0.00043 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2019-7464

Malware in sbrugna...

6.1 CVSS · 6.3 AI score · 0.00328 EPSS
Exploits 0 · References 3

Positive Technologies
added 2023/11/01 12:0 a.m. · 2 views

PT-2023-29321 · Unknown · Bigtree Cms

Name of the Vulnerable Software and Affected Versions: BigTree CMS version 4.5.7 Description: The issue allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions. This is a Cross Site Scripting vulnerability. Recommendations: For BigTree CMS versi...

5.4 CVSS · 7.5 AI score · 0.00578 EPSS
Exploits 1 · References 7

OpenVAS
added 2022/03/28 12:0 a.m. · 16 views

PowerDNS Recursor DoS Vulnerability (2022-01)

PowerDNS Recursor is prone to a denial of service (DoS) vulnerability...

7.5 CVSS · 7.5 AI score · 0.00027 EPSS
Exploits 0 · References 1

CNVD
added 2021/05/21 12:0 a.m. · 6 views

FusionPBX Cross-Site Scripting Vulnerability (CNVD-2021-37587)

FusionPBX is an open source enterprise IPPBX interface management system based on FreeSWITCH. A cross-site scripting vulnerability exists in FusionPBX version 4.5.7. An attacker can exploit this vulnerability to inject arbitrary Web script or HTML via the querystring variable in...

6.1 CVSS · 5.9 AI score · 0.00328 EPSS
Exploits 0 · References 1