262 matches found
SUSE CVE-2026-42557
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all cli...
Why Malwarebytes blocks some Yahoo Mail redirects
Some Malwarebytes users have recently noticed frequent web protection alerts while reading email in Yahoo Mail’s web interface. These alerts are caused by background connections from the Yahoo Mail page to a set of third‑party domains that our products and other security tools currently classify ...
Linux Distros Unpatched Vulnerability : CVE-2026-42557
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTM...
DEBIAN-CVE-2026-42557
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all cli...
CVE-2026-42557
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all cli...
CVE-2026-42557
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all cli...
UBUNTU-CVE-2026-42557
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all cli...
CVE-2026-42557
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all cli...
CVE-2026-42557
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all cli...
Malicious code in enhancer (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cefeea627aa1a0cc84aeedff1db0ae88ebf61b233bb9b20fa82b0a5fd0737cbf The distribution is published as enhancer but installs modules under the top-level safety namespace setup.py declares namespacepackages='safety' and...
MAL-2026-3691 Malicious code in enhancer (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cefeea627aa1a0cc84aeedff1db0ae88ebf61b233bb9b20fa82b0a5fd0737cbf The distribution is published as enhancer but installs modules under the top-level safety namespace setup.py declares namespacepackages='safety' and...
Microsoft Office PowerPoint 访问控制错误漏洞
Microsoft Office PowerPoint is a software tool developed by the American company Microsoft for creating presentation documents PPTs. Microsoft Office PowerPoint has a security vulnerability related to access control. Attackers can exploit this vulnerability to carry out deceptive attacks...
Microsoft Word 访问控制错误漏洞
Microsoft Word is a word processing software within the Office suite developed by the American company Microsoft. There is an access control error vulnerability in Microsoft Word. Attackers exploit this vulnerability to carry out deceptive attacks...
Skill Description Deception Attack against Task Routing in Internet of Agents
A new paradigm, Internet of Agents IoA, is transforming networked systems into LLM-driven service networks, where heterogeneous agents collaborate through task routing based on their self-declared skill descriptions. Although this promising paradigm enables agentic, distributed, and advanced...
MAL-2026-2456 Malicious code in strapi-plugin-core (npm)
strapi-plugin-core is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology. I...
WhatsApp on Windows users targeted in new campaign, warns Microsoft
Microsoft researchers found a campaign that abuses WhatsApp attachments to sneak a script onto Windows machines which will lead to the attacker gaining remote control. WhatsApp offers a desktop application for Windows and macOS, which users can synchronize with their mobile devices. Desktop...
Meta rolls out anti-scam tools across WhatsApp, Facebook, and Messenger
Meta has rolled out more anti-scam protections across WhatsApp, Facebook, and Messenger to fight sophisticated fraud tactics. The features will help stop celebrity impersonators and brand spoofers from defrauding its users, the company said. Meta is also targeting attackers who exploit legitimate...
Microsoft Azure IoT Explorer 代码问题漏洞
Microsoft Azure IoT Explorer is a free and open-source desktop application developed by Microsoft Corporation. There are code-related vulnerabilities in Microsoft Azure IoT Explorer. Attackers exploit these vulnerabilities to carry out deceptive attacks...
Microsoft Windows App Installer 数据伪造问题漏洞
The Microsoft Windows App Installer is a tool provided by Microsoft Corporation for use with the Windows 10 and Windows 11 operating systems. It allows users to easily install applications by double-clicking .msix or .msixbundle files. This tool supports installation from websites, optional...
New BoryptGrab Stealer Targets Windows Users via Deceptive GitHub Pages
The BoryptGrab campaign uses fake SEO‑optimized GitHub repositories and deceptive download pages to distribute a data‑stealing malware family that delivers multiple payloads, including a reverse SSH backdoor, to Windows users...