2573 matches found

Snyk
added 2026/01/16 5:51 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: distributed is a Distributed scheduler for Dask. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the interaction between Jupyter Lab, jupyter-server-proxy, and the Dask dashboard. An attacker can execute arbitrary code by enticing a user to click a phishin...

CVSS 7.1 | AI score 6.4 | EPSS 0.00205
Exploits: 0 | References: 2
PyPA
added 2026/01/16 5:15 p.m. | 8 views

PYSEC-2026-169

Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-site scripting (XSS) bug in the Dask...

CVSS 6.1 | AI score 5.8 | EPSS 0.00205
Exploits: 0 | References: 2 | Affected Software: 1
vulnersOsv
added 2026/01/16 5:15 p.m. | 3 views

aces-apps (=1.5.4), aggfly (>=0.1.0 <=0.1.5) +411 more potentially affected by CVE-2026-23528 via distributed (>=1.13.0 <=2025.9.2)

distributed PYPI version =1.13.0, =0.1.0, =0.3.9, =0.0.1, =0.2.0, =0.1.0, =0.0.13b20200721, =0.5.3b20221014 and more Source cves: CVE-2026-23528 Source advisory: OSV:PYSEC-2026-169...

CVSS 6.1 | AI score 5.4 | EPSS 0.00205
Exploits: 0
OSV
added 2026/01/16 5:15 p.m. | 5 views

PYSEC-2026-169

Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-site scripting (XSS) bug in the Dask...

CVSS 6.1 | AI score 5.8 | EPSS 0.00205
Exploits: 0 | References: 2
OSV
added 2026/01/16 5:15 p.m. | 3 views

UBUNTU-CVE-2026-23528

Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-site scripting (XSS) bug in the Dask...

CVSS 6.1 | AI score 5.8 | EPSS 0.00205
Exploits: 0 | References: 4
OSV
added 2026/01/16 4:58 p.m. | 1 views

GHSA-C336-7962-WFJ2 Dask Distributed is Vulnerable to Remote Code Execution via Jupyter Proxy and Dashboard

Impact: When Jupyter Lab, jupyter-server-proxy and Dask distributed are all run together it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-site scripting (XSS) bug in the Dask dashboard. It is possible for attackers to craft a phishing URL that assumes...

CVSS 5.3 | AI score 6.2 | EPSS 0.00205
Exploits: 0 | References: 5
vulnersOsv
added 2026/01/16 4:58 p.m. | 3 views

aces-apps (=1.5.4), aggfly (>=0.1.0 <=0.1.5) +411 more potentially affected by CVE-2026-23528 via distributed (>=1.13.0 <=2025.9.2)

distributed PYPI version =1.13.0, =0.1.0, =0.3.9, =0.0.1, =0.2.0, =0.1.0, =0.0.13b20200721, =0.5.3b20221014 and more Source cves: CVE-2026-23528 Source advisory: OSV:GHSA-C336-7962-WFJ2...

CVSS 6.1 | AI score 5.4 | EPSS 0.00205
Exploits: 0
AlpineLinux
added 2026/01/16 4:44 p.m. | 3 views

CVE-2026-23528

Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-site scripting (XSS) bug in the Dask...

CVSS 6.1 | AI score 5.8 | EPSS 0.00205
Exploits: 0 | References: 2
Debian CVE
added 2026/01/16 4:44 p.m. | 4 views

CVE-2026-23528

Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-site scripting (XSS) bug in the Dask...

CVSS 6.1 | AI score 5.3 | EPSS 0.00205
Exploits: 0
ATTACKERKB
added 2026/01/16 4:44 p.m. | 1 views

CVE-2026-23528

Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-site scripting (XSS) bug in the Dask...

CVSS 5.3 | AI score 5.6 | EPSS 0.00205
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/01/16 4:44 p.m. | 2 views

CVE-2026-23528 Dask distributed Vulnerable to Remote Code Execution via Jupyter Proxy and Dashboard

Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-site scripting (XSS) bug in the Dask...

CVSS 5.3 | AI score 6.3 | EPSS 0.00205
Exploits: 0 | References: 2
CVE
added 2026/01/16 4:44 p.m. | 25 views

CVE-2026-23528

CVE-2026-23528 affects Dask distributed versions prior to 2026.1.0 when used with Jupyter Lab and jupyter-server-proxy. A cross-site scripting (XSS) vulnerability in the Dask dashboard can be triggered by a crafted URL, causing code execution in the default Jupyter Python kernel via the Jupyter L...

CVSS 6.1 | AI score 6.3 | EPSS 0.00205
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2026/01/16 4:44 p.m. | 21 views

CVE-2026-23528 Dask distributed Vulnerable to Remote Code Execution via Jupyter Proxy and Dashboard

Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-site scripting (XSS) bug in the Dask...

CVSS 5.3 | EPSS 0.00205
Exploits: 0 | References: 2
EUVD
added 2026/01/16 4:44 p.m. | 6 views

EUVD-2026-2922

Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-site scripting (XSS) bug in the Dask...

CVSS 5.3 | AI score 6.1 | EPSS 0.00205
Exploits: 0 | References: 4
OSV
added 2026/01/16 4:44 p.m. | 3 views

CVE-2026-23528 Dask distributed Vulnerable to Remote Code Execution via Jupyter Proxy and Dashboard

Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-site scripting (XSS) bug in the Dask...

CVSS 5.3 | AI score 6.6 | EPSS 0.00205
Exploits: 0 | References: 4
CNNVD
added 2026/01/16 12:00 a.m. | 5 views

Distributed security vulnerabilities

Distributed is a distributed task scheduler developed by Dask. Versions prior to Distributed 2026.1.0 contained a security vulnerability. This vulnerability stemmed from a cross-site scripting error in the Dask dashboard, which could allow code execution through a phishing URL...

CVSS 6.1 | AI score 6 | EPSS 0.00205
Exploits: 0 | References: 3
Tenable Nessus
added 2026/01/16 12:00 a.m. | 5 views

MiracleLinux 7 : samba-4.6.2-11.el7 (AXSA:2017-2305:06)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2305:06 advisory. It was found that samba did not enforce SMB signing when certain configuration options were enabled. A remote attacker could launch a...

CVSS 7.4 | AI score 6.4 | EPSS 0.13228
Exploits: 0 | References: 4
Tenable Nessus
added 2026/01/15 12:00 a.m. | 3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002129)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002129 advisory. The SMB2tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service NULL pointer dereference and...

CVSS 7.8 | AI score 6.2 | EPSS 0.03725
Exploits: 0 | References: 10
Tenable Nessus
added 2026/01/15 12:00 a.m. | 3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001859)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001859 advisory. The SMB2tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service NULL pointer dereference and...

CVSS 7.8 | AI score 6.2 | EPSS 0.03725
Exploits: 0 | References: 10
The Hacker News
added 2026/01/14 7:03 p.m. | 7 views

Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers

The Black Lotus Labs team at Lumen Technologies said it null-routed traffic to more than 550 command-and-control (C2) nodes associated with the AISURU/Kimwolf botnet since early October 2025. AISURU and its Android counterpart, Kimwolf, have emerged as some of the biggest botnets in recent times,...

AI score 5.8
Exploits: 0