Lucene search
K

85171 matches found

Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-54528 jupyterlab-git excluded_paths Case-Sensitivity Bypass Allows Reading Excluded Directories

JupyterLab Git is a Git extension for JupyterLab. Prior to 0.54.0, jupyterlab-git uses fnmatch.fnmatchcase in GitHandler.prepare in jupyterlabgit/handlers.py to enforce excludedpaths, allowing an authenticated user on a case-insensitive filesystem to vary URL path casing and read excluded...

7.1CVSS0.00285EPSS
Exploits0References3
CVE
CVE
added 2 days ago45 views

CVE-2026-54527

CVE-2026-54527 affects the jupyterlab-git extension. The PlainTextDiff.ts createHeader() renders renamed-file headers by directly inserting Git filenames into innerHTML, enabling stored XSS that can lead to remote code execution. Affected range is before 0.54.0, with fix released in 0.54.0. Explo...

9.3CVSS6AI score0.00284EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2 days ago2 views

CVE-2026-54527 JupyterLab Git: Stored XSS leading to RCE

JupyterLab Git is a Git extension for JupyterLab. From 0.30.0b3 before 0.54.0, the PlainTextDiff.ts createHeader method passes Git filenames directly to innerHTML when rendering renamed files in commit history, allowing a crafted filename to execute JavaScript when a victim views the rename diff ...

9.3CVSS6AI score0.00284EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-54527

JupyterLab Git is a Git extension for JupyterLab. From 0.30.0b3 before 0.54.0, the PlainTextDiff.ts createHeader method passes Git filenames directly to innerHTML when rendering renamed files in commit history, allowing a crafted filename to execute JavaScript when a victim views the rename diff ...

9.3CVSS6AI score0.00284EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-42428

JupyterLab Git is a Git extension for JupyterLab. From 0.30.0b3 before 0.54.0, the PlainTextDiff.ts createHeader method passes Git filenames directly to innerHTML when rendering renamed files in commit history, allowing a crafted filename to execute JavaScript when a victim views the rename diff ...

9.3CVSS6AI score0.00284EPSS
Exploits1References3
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-54527 JupyterLab Git: Stored XSS leading to RCE

JupyterLab Git is a Git extension for JupyterLab. From 0.30.0b3 before 0.54.0, the PlainTextDiff.ts createHeader method passes Git filenames directly to innerHTML when rendering renamed files in commit history, allowing a crafted filename to execute JavaScript when a victim views the rename diff ...

9.3CVSS0.00284EPSS
Exploits1References3
Cvelist
Cvelist
added 2 days ago29 views

CVE-2025-12506 Use of Incorrectly-Resolved Name or Reference in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to create a repository where the content displayed in the web interface differed from t...

3.5CVSS0.00183EPSS
Exploits0References3
EUVD
EUVD
added 2 days ago5 views

EUVD-2025-210442

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to create a repository where the content displayed in the web interface differed from t...

3.5CVSS6AI score0.00183EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2 days ago2 views

CVE-2025-12506 Use of Incorrectly-Resolved Name or Reference in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to create a repository where the content displayed in the web interface differed from t...

3.5CVSS6AI score0.00183EPSS
Exploits0References3
CVE
CVE
added 2 days ago43 views

CVE-2025-12506

CVE-2025-12506 affects GitLab CE/EE prior to the patched releases: 16.5–before 18.11.7, 19.0–before 19.0.4, and 19.1–before 19.1.2. The issue stems from improper handling of Git reference name resolution, which could allow an authenticated user to create a repository where the content shown in th...

4.3CVSS6AI score0.00183EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2 days ago33 views

CVE-2025-12506

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to create a repository where the content displayed in the web interface differed from t...

3.5CVSS6AI score0.00183EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2 days ago6 views

OneRingBuf has a Use After Free Vulnerability

Affected versions of oneringbuf exposed the obsolete IntoRef::intoref method through the public IntoRef trait. For heap-backed ring buffers, this method returned a DroppableRef handle. DroppableRef stored an owning raw pointer created from Box::intoraw. Its Clone implementation copied this raw...

6AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2 days ago6 views

DSpace: Path Traversal is possible through LDN message generation

Overview A path traversal vulnerability is possible via the COAR Notify / LDN service in DSpace. This vulnerability impacts DSpace versions 8.0 = 8.3, 9.0 = 9.2. The attacker MUST already have DSpace administrator credentials in order to perform the attack. When reading a file input stream of an...

5.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2 days ago8 views

DSpace: ORE resource URI does not validate scheme for non-web resources

Overview When ingesting an aggregated ORE resource by URI using the OAI-ORE Harvester, the ORE Ingestion Crosswalk does not validate the URI scheme. This may allow for local file inclusion via malicious paths like file:///etc/passwd. This vulnerability impacts DSpace versions = 7.6.6, 8.0 = 8.3,...

6AI score
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2 days ago6 views

DSpace has a possible Path Traversal Vulnerability in its Curation Task Reporter output path

Overview The Curation Task feature allows an output path to be used by the reporter -r parameter, typically used to stream results and status of curation task operations. It is not restricted to any particular base path, meaning that any path writable by the DSpace often 'tomcat' user is allowed...

5.7AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2 days ago13 views

DSpace has possible Remote Code Execution (RCE) through Velocity Templates used by LDN

Overview Remote Code Execution RCE is possible via Velocity Templates used by DSpace for COAR Notify/LDN messages. This vulnerability impacts DSpace versions 8.0 = 8.3, 9.0 = 9.2. The attacker MUST already have DSpace administrator credentials in order to perform the attack. This attack is relate...

9CVSS6.8AI score0.22709EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2 days ago4 views

CVE-2026-55575

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.27.1, the pop array filter at src/filters/array.ts allocated a full clone of its input array via ...toArrayv without calling this.context.memoryLimit.use..., allowing a template render such as hugearra...

8.2CVSS0.00384EPSS
Exploits0References4
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-42354

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.27.1, the pop array filter at src/filters/array.ts allocated a full clone of its input array via ...toArrayv without calling this.context.memoryLimit.use..., allowing a template render such as hugearra...

8.2CVSS6AI score0.00384EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2 days ago2 views

CVE-2026-55575

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.27.1, the pop array filter at src/filters/array.ts allocated a full clone of its input array via ...toArrayv without calling this.context.memoryLimit.use..., allowing a template render such as hugearra...

8.2CVSS6AI score0.00384EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-55575 LiquidJS: `pop` filter bypasses `memoryLimit` accounting that its array-filter siblings enforce

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.27.1, the pop array filter at src/filters/array.ts allocated a full clone of its input array via ...toArrayv without calling this.context.memoryLimit.use..., allowing a template render such as hugearra...

8.2CVSS0.00384EPSS
Exploits0References4
Rows per page
Query Builder