Lucene search
K

11 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-40934

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a...

7.6CVSS5.6AI score0.00308EPSS
Exploits1References3
NVD
NVD
added 2026/05/05 10:16 p.m.12 views

CVE-2026-40934

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at /.local/share/jupyter/runtime/jupytercookiesecret and is never rotated when a user changes their password. After a password...

7.6CVSS0.00308EPSS
Exploits1References1
PyPA
PyPA
added 2026/05/05 10:16 p.m.16 views

PYSEC-2026-69

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at /.local/share/jupyter/runtime/jupytercookiesecret and is never rotated when a user changes their password. After a password...

7.6CVSS5.7AI score0.00308EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/05 9:31 p.m.5 views

CVE-2026-40934

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at /.local/share/jupyter/runtime/jupytercookiesecret and is never rotated when a user changes their password. After a password...

7.6CVSS5.8AI score0.00308EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.11 views

Jupyter Server 代码问题漏洞

Jupyter Server is an application developed by the Jupyter organization that provides backend services for Jupyter web applications. Jupyter Server versions 2.17.0 and earlier have code vulnerabilities. These vulnerabilities stem from the persistence of the key used for signing authentication...

7.6CVSS5.8AI score0.00308EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/11 7:8 a.m.6 views

CVE-2026-30869

SiYuan is a personal knowledge management system. Prior to 3.5.10, a path traversal vulnerability in the /export endpoint allows an attacker to read arbitrary files from the server filesystem. By exploiting double‑encoded traversal sequences, an attacker can access sensitive files such as...

9.8CVSS6.4AI score0.01028EPSS
Exploits1References1
OSV
OSV
added 2026/03/09 10:28 p.m.5 views

CVE-2026-30869 SiYuan has a Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage

SiYuan is a personal knowledge management system. Prior to 3.5.10, a path traversal vulnerability in the /export endpoint allows an attacker to read arbitrary files from the server filesystem. By exploiting double‑encoded traversal sequences, an attacker can access sensitive files such as...

9.3CVSS6.5AI score0.01028EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/09 10:28 p.m.5 views

CVE-2026-30869

SiYuan is a personal knowledge management system. Prior to 3.5.10, a path traversal vulnerability in the /export endpoint allows an attacker to read arbitrary files from the server filesystem. By exploiting double‑encoded traversal sequences, an attacker can access sensitive files such as...

9.3CVSS6.4AI score0.01028EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/09 10:28 p.m.3 views

CVE-2026-30869 SiYuan has a Path Traversal in /export Endpoint Allows Arbitrary File Read and Secret Leakage

SiYuan is a personal knowledge management system. Prior to 3.5.10, a path traversal vulnerability in the /export endpoint allows an attacker to read arbitrary files from the server filesystem. By exploiting double‑encoded traversal sequences, an attacker can access sensitive files such as...

9.3CVSS6.4AI score0.01028EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/09/23 4:58 p.m.9 views

CVE-2025-0663 Potential cross-tenant account takeover vulnerability in Multiple WSO2 Products via Adaptive Authentication and Auto-Login

A cross-tenant authentication vulnerability exists in multiple WSO2 products due to improper cryptographic design in Adaptive Authentication. A single cryptographic key is used across all tenants to sign authentication cookies, allowing a privileged user in one tenant to forge authentication...

6.8CVSS0.00226EPSS
Exploits0References1
CNVD
CNVD
added 2016/09/21 12:0 a.m.2 views

Metasploit config.action_dispatch.cookies_serializer deserialization vulnerability

Metasploit is an open source security vulnerability detection tool that helps security and IT professionals identify security issues, validate mitigations for vulnerabilities, and manage expert-driven security for assessments that provide true security risk intelligence. A deserialization...

8AI score
Exploits0References1
Rows per page
Query Builder