JupyterLab has an Extension Manager API/GUI Policy Discrepancy, allowing 3rd party (malicious) extensions install via POST request

The allow-list of extensions that can be installed from PyPI Extension Manager allowedextensionsuris is not correctly enforced by JupyterLab prior to 4.5.7. The PyPI Extension Manager was not contained to packages listed on the default PyPI index. This has security implications for deployments...

Gokapi has CSRF in Login Endpoint

Summary The login flow accepts credential-bearing requests without CSRF protection mechanisms tied to the browser session context. The handler parses form values directly and creates a session on successful credential validation. Issue found by aisafe.io Impact An attacker can force a victim...

CVE-2019-2722

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...

LangGraph's SQLite is vulnerable to SQL injection via metadata filter key in SQLite checkpointer list method

Context A SQL injection vulnerability exists in LangGraph's SQLite checkpoint implementation that allows attackers to manipulate SQL queries through metadata filter keys. This affects applications that accept untrusted metadata filter keys not just filter values in checkpoint search operations...

CVE-2025-35968

Protection mechanism failure in the UEFI firmware for the Slim Bootloader within firmware may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via...

CVE-2025-11902

A vulnerability was detected in yanyutao0402 ChanCMS up to 3.3.2. Affected by this vulnerability is the function findField of the file /cms/article/findField. Performing a manipulation of the argument cid results in sql injection. The attack can be initiated remotely. The exploit is now public an...

EUVD-2021-16899

Malware in sbrugna...

EUVD-2006-5347

Malware in sbrugna...

EUVD-2006-6732

Malware in sbrugna...

EUVD-2019-12148

Malware in sbrugna...

EUVD-2020-22451

Malware in sbrugna...

EUVD-2010-0087

Malware in sbrugna...

EUVD-2020-22519

Malware in sbrugna...

EUVD-2020-22761

Malware in sbrugna...

EUVD-2017-3026

Malware in sbrugna...

EUVD-2024-52804

Malicious code in bioql PyPI...

Microsoft Edge (Chromium-Based) Use After Free Vulnerability (Aug 2025)

Microsoft Edge Chromium-Based is prone to an use after free vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2025-43001

SAPCAR allows an attacker logged in with high privileges to override the permissions of the current and parent directories of the user or process extracting the archive, leading to privilege escalation. On successful exploitation, an attacker could modify the critical files by tampering with sign...

The vulnerability of the drivers/net/tun.c component in the Linux operating system’s kernel allows a hacker to cause a service failure.

The vulnerability of the drivers/net/tun.c component in the Linux operating system’s kernel is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures...

Assessing the Resilience of Automotive Intrusion Detection Systems to Adversarial Manipulation

The security of modern vehicles has become increasingly important, with the controller area network CAN bus serving as a critical communication backbone for various Electronic Control Units ECUs. The absence of robust security measures in CAN, coupled with the increasing connectivity of vehicles,...