Lucene search
K

44 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.9 views

CVE-2026-42798

Little CMS lcms2 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c...

4CVSS5.4AI score0.00128EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.12 views

CVE-2026-35397

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured rootdir and access sibling directories whose names begin with the same prefix as the rootdir. For exampl...

8.8CVSS5.5AI score0.00583EPSS
Exploits2References1
Snyk
Snyk
added 2026/06/03 3:6 p.m.8 views

Permissive Regular Expression

Overview Affected versions of this package are vulnerable to Permissive Regular Expression in the use of re.match to verify alloworiginpat values. This allows an attacker to bypass intended CORS restrictions and gain unauthorized access to sensitive API responses. Code execution is possible by...

8.8CVSS6.5AI score0.00197EPSS
Exploits1References2
CVE
CVE
added 2026/05/28 8:58 a.m.32 views

CVE-2025-48977

CVE-2025-48977 is a relative path traversal vulnerability in Apache Ignite’s REST API. Authenticated REST API users can read arbitrary server files via a crafted log path using the cmd=log command, affecting Ignite 2.0.0–2.17.0. The issue is fixed in Ignite 2.18.0. If you are running affected ver...

8.5CVSS5.8AI score0.00526EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/18 12:58 p.m.15 views

CLEANSTART-2026-AP95632 Security fixes for CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33186, CVE-2026-33811, CVE-2026-33814, CVE-2026-33815, CVE-2026-33816, CVE-2026-34986, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-39882, CVE-2026-39883, CVE-2026-40179, CVE-2026-41889, CVE-2026-42151, CVE-2026-42154, CVE-2026-42499, CVE-2026-42501, CVE-2026-44903, ghsa-78h2-9frx-2jm8, ghsa-8rm2-7qqf-34qm, ghsa-9jj7-4m8r-rfcm, ghsa-fw8g-cg8f-9j28, ghsa-hfvc-g4fc-pqhx, ghsa-j88v-2chj-qfwx, ghsa-p77j-4mvh-x3m3, ghsa-vffh-x6r8-xx99, ghsa-w8rr-5gcm-pp58, ghsa-wg65-39gg-5wfj, ghsa-xmrv-pmrh-hhx2 applied in versions: 2.18.3-r3

Multiple security vulnerabilities affect the keda-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

9.8CVSS6.9AI score0.01557EPSS
Exploits2References76
OSV
OSV
added 2026/05/15 2:1 p.m.7 views

OESA-2026-2325 lcms2 security update

LittleCMS intends to be an OPEN SOURSE small-footprint color management engine,with special focus on accuracy and performence.It uses the International Color Consortium standard ICC, which is the modern standard when regarding to color management. The ICC specification is widely used and is...

4CVSS5.8AI score0.00128EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/07 2:20 a.m.9 views

SUSE CVE-2026-35397

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured rootdir and access sibling directories whose names begin with the same prefix as the rootdir. For exampl...

8.8CVSS5.8AI score0.00583EPSS
Exploits2References3
OSV
OSV
added 2026/05/05 10:16 p.m.4 views

DEBIAN-CVE-2026-40110

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match to check incoming origins against the alloworiginpat configuration value. Because re.match only anchors at the start of the string and does not require a...

7.3CVSS5.8AI score0.00333EPSS
Exploits0References1
NVD
NVD
added 2026/05/05 10:16 p.m.12 views

CVE-2026-40934

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at /.local/share/jupyter/runtime/jupytercookiesecret and is never rotated when a user changes their password. After a password...

7.6CVSS0.00308EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2026/05/05 9:31 p.m.11 views

CVE-2026-40934

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at /.local/share/jupyter/runtime/jupytercookiesecret and is never rotated when a user changes their password. After a password...

7.6CVSS5.8AI score0.00308EPSS
Exploits1
Debian CVE
Debian CVE
added 2026/05/05 9:29 p.m.10 views

CVE-2026-40110

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match to check incoming origins against the alloworiginpat configuration value. Because re.match only anchors at the start of the string and does not require a...

7.6CVSS5.8AI score0.00333EPSS
Exploits0
OSV
OSV
added 2026/05/05 8:16 p.m.6 views

DEBIAN-CVE-2026-35397

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured rootdir and access sibling directories whose names begin with the same prefix as the rootdir. For exampl...

8.8CVSS5.8AI score0.00583EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/05/05 7:37 p.m.5 views

CVE-2026-35397

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured rootdir and access sibling directories whose names begin with the same prefix as the rootdir. For exampl...

7.6CVSS5.8AI score0.00583EPSS
Exploits2References2Affected Software1
PyPA
PyPA
added 2026/05/05 4:16 p.m.17 views

PYSEC-2026-67

Jupyter Server is the backend for Jupyter web applications. In jupyterserver versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in LoginFormHandler.redirectsafe, which allows redirects to arbitrary external domains via values such as ///example.com. An...

6.3CVSS5.9AI score0.00265EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/05/05 4:16 p.m.5 views

DEBIAN-CVE-2025-61669

Jupyter Server is the backend for Jupyter web applications. In jupyterserver versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in LoginFormHandler.redirectsafe, which allows redirects to arbitrary external domains via values such as ///example.com. An...

6.1CVSS5.9AI score0.00265EPSS
Exploits1References1
OSV
OSV
added 2026/05/05 4:16 p.m.7 views

PYSEC-2026-67

Jupyter Server is the backend for Jupyter web applications. In jupyterserver versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in LoginFormHandler.redirectsafe, which allows redirects to arbitrary external domains via values such as ///example.com. An...

6.1CVSS5.9AI score0.00265EPSS
Exploits1References1
CVE
CVE
added 2026/05/05 3:28 p.m.23 views

CVE-2025-61669

Jupyter Server (backend for Jupyter web apps) up to version 2.17.0 contains an open redirect in the login flow. The issue resides in LoginFormHandler._redirect_safe(), which does not sufficiently validate the next query parameter, allowing redirects to arbitrary external domains (e.g., ///example...

6.3CVSS5.9AI score0.00265EPSS
Exploits1References1Affected Software1
Debian CVE
Debian CVE
added 2026/05/05 3:28 p.m.5 views

CVE-2025-61669

Jupyter Server is the backend for Jupyter web applications. In jupyterserver versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in LoginFormHandler.redirectsafe, which allows redirects to arbitrary external domains via values such as ///example.com. An...

6.3CVSS5.9AI score0.00265EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.6 views

PT-2026-37055

Name of the Vulnerable Software and Affected Versions Jupyter Server versions prior to 2.18.0 Description Insufficient validation of the next query parameter in the login flow within the LoginFormHandler. redirect safe function allows redirects to arbitrary external domains. An attacker can use a...

6.3CVSS5.9AI score0.00265EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.8 views

PT-2026-36080

Name of the Vulnerable Software and Affected Versions Little CMS lcms2 versions 2.16 through 2.18 Description An integer overflow exists in the ParseCube function within the cmscgats.c file. An integer overflow occurs when a program attempts to store a numeric value that is too large for the...

4CVSS5.9AI score0.00128EPSS
Exploits0References28
Rows per page
Query Builder