EUVD-2026-29333

Outline is a service that allows for collaborative documentation. Prior to 1.7.0, the shares.create API accepts both collectionId and documentId simultaneously and, when published=false, only verifies read access for each—skipping the "share" permission check. A subsequent shares.update authorize...

PT-2026-39857

Name of the Vulnerable Software and Affected Versions Outline versions prior to 1.7.0 Description The 'shares.create' API accepts both collectionId and documentId simultaneously. When published is set to false, the system only verifies read access for each, skipping the required share permission...

Apache Zeppelin Input Validation Error Vulnerability (CNVD-2024-17935)

Apache Zeppelin is a Web-based open source laptop application from the Apache USA Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin has an input validation error vulnerability that can be exploited by an attacker to cause a denial of servi...

Apache Zeppelin Input Validation Error Vulnerability (CNVD-2024-17937)

Apache Zeppelin is a Web-based open source laptop application from the Apache USA Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin suffers from an input validation error vulnerability that can be exploited by an attacker to execute a...

Apache Zeppelin Security Bypass Vulnerability

Apache Zeppelin is a Web-based open source laptop application from the Apache USA Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin suffers from a full bypass vulnerability that can be exploited by an attacker to bypass authentication by...

Apache Zeppelin Input Validation Error Vulnerability (CNVD-2024-17934)

Apache Zeppelin is a Web-based open source laptop application from the Apache USA Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin suffers from an input validation error vulnerability that can be exploited by an attacker to view a server...

Apache Zeppelin Cross-Site Scripting Vulnerability (CNVD-2024-17939)

Apache Zeppelin is a Web-based open source laptop application from the Apache USA Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin suffers from a cross-site scripting vulnerability that stems from improper coding or escaping, which can be...

Apache Zeppelin Code Execution Vulnerability

Apache Zeppelin is a Web-based open source laptop application from the Apache USA Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin has a code execution vulnerability that can be exploited by an attacker to execute shell scripts or malicio...

Apache Zeppelin input validation error vulnerability

Apache Zeppelin is a Web-based open source notebook application from the Apache Foundation that supports interactive data analysis and collaborative documentation. Apache Zeppelin is vulnerable to an input validation error that results from improper input validation in its Move folder to Trash...