2460334 matches found
CVE-2026-6658
A vulnerability in jupyter/nbconvert versions tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export...
CVE-2025-7958
A Code Injection vulnerability existed in Trellix Network Security CM and NX. A locally authenticated admin user can execute arbitrary code using the web interface and Alert artifact details...
EUVD-2025-210348
A Code Injection vulnerability existed in Trellix Network Security CM and NX. A locally authenticated admin user can execute arbitrary code using the web interface and Alert artifact details...
CVE-2025-7958
Summary (CVE-2025-7958): A code injection vulnerability exists in Trellix Network Security CM and NX. A locally authenticated admin user can trigger arbitrary code execution via the web interface and Alert artifact details. The issue is described as enabling remote-like control within the device ...
CVE-2025-7958
A Code Injection vulnerability existed in Trellix Network Security CM and NX. A locally authenticated admin user can execute arbitrary code using the web interface and Alert artifact details...
CVE-2025-7958
A Code Injection vulnerability existed in Trellix Network Security CM and NX. A locally authenticated admin user can execute arbitrary code using the web interface and Alert artifact details...
Malicious Package
Overview hexo-deployer-wrangler is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
Security Bulletin: Due to the use of IBM Tivoli Monitoring and IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities
Summary IBM Tivoli Monitoring code execution and IBM Db2 vulnerabilities have been found in IBM Tivoli Monitoring shipped with IBM Cloud Pak System IBM Tivoli MonitoringITM patternType itm pType, and IBM Cloud Pak System DB2 pattern type db2 pType shipped with Cloud Pak System. Vulnerabilities we...
WordPress MapSVG plugin <= 8.6.4 - Arbitrary File Download vulnerability
Arbitrary File Download vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin MapSVG versions = 8.6.4...
CVE-2026-6658
A vulnerability in jupyter/nbconvert versions = 7.17.0 allows for Cross-site Scripting XSS via unsanitized text/vnd.mermaid output in HTML exports. The datamermaid block in share/templates/lab/base.html.j2 renders text/vnd.mermaid cell output directly into HTML without escaping, enabling attacker...
EUVD-2026-39642
A vulnerability in jupyter/nbconvert versions tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export...
CVE-2026-6658
The CVE-2026-6658 issue affects jupyter/nbconvert versions <= 7.17.0. The vulnerability arises because the data_mermaid block in share/templates/lab/base.html.j2 renders text/vnd.mermaid cell output directly into HTML without escaping, enabling Cross-site Scripting (XSS) by breaking out of the...
CVE-2026-6658 Cross-site Scripting (XSS) in jupyter/nbconvert
A vulnerability in jupyter/nbconvert versions tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export...
CVE-2026-6658
A vulnerability in jupyter/nbconvert versions tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export...
CVE-2026-6658 Cross-site Scripting (XSS) in jupyter/nbconvert
A vulnerability in jupyter/nbconvert versions tag. This vulnerability impacts any server using nbconvert to render notebooks as HTML, allowing attackers to execute arbitrary JavaScript in the context of users viewing the HTML export...
WordPress H5P plugin <= 1.17.7 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by daroo in WordPress Plugin H5P versions = 1.17.7...
Server-Side Request Forgery
jackson-databind is vulnerable to server-side request forgery SSRF. The vulnerability is due to eager DNS resolution during InetSocketAddress deserialization, where untrusted hostnames are resolved before application-level validation, allowing attackers to trigger arbitrary DNS requests by...
Malicious code in sqligen (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de59ac5884f286d69e42a71ba0cb7b99aa06d2b1f0e28a279a84d3db86eb3196 setup.py contains an obfuscated install-time dropper that fires on Windows. Two functions with diagnostic-sounding names 'GetDefaultSystemPolicy' /...
MAL-2026-6515 Malicious code in sqligen (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de59ac5884f286d69e42a71ba0cb7b99aa06d2b1f0e28a279a84d3db86eb3196 setup.py contains an obfuscated install-time dropper that fires on Windows. Two functions with diagnostic-sounding names 'GetDefaultSystemPolicy' /...
Security Bulletin: Due to use of Nodejs Express.js, multiple vulnerabilities affect IBM Cloud Pak System[CVE-2024-43796, CVE-2024-43799, CVE-2024-43800]
Summary Multiple vulnerabilities in Send cross-site scripting XSS within the SendStream.redirect, serve-static built-in and response.redirect found in Node.js Express.js which is used by IBM Cloud Pak System. Vulnerabilities were addressed by IBM Cloud Pak System. Vulnerability Details...