
1262 matches found

OSV
added 3 days ago, 2 views

OPENSUSE-SU-2026:10972-1 python311-jupyter-server-2.19.0-1.1 on GA media

These are all security issues fixed in the python311-jupyter-server-2.19.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 8.1 | AI score 5.5 | EPSS 0.00044
Exploits: 1 | References: 1

RedhatCVE
added 6 days ago, 6 views

CVE-2026-49384

In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible...

CVSS 6.1 | AI score 5.4 | EPSS 0.00088
Exploits: 0 | References: 1

RedhatCVE
added 6 days ago, 4 views

CVE-2026-40171

In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...

CVSS 8.4 | AI score 5.8 | EPSS 0.00059
Exploits: 0 | References: 1

RedhatCVE
added 6 days ago, 6 views

CVE-2026-35397

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_dir and access sibling directories whose names begin with the same prefix as the root_dir. For exampl...

CVSS 8.8 | AI score 5.5 | EPSS 0.00058
Exploits: 2 | References: 1

RedhatCVE
added 6 days ago, 8 views

CVE-2026-6657

A flaw was found in jupyter-server. A remote attacker can bypass Cross-Origin Resource Sharing (CORS) origin validation when the allow_origin_pat configuration is used. This vulnerability allows malicious domains to pass validation against patterns intended for trusted domains. This could lead to...

CVSS 6.1 | AI score 5.7 | EPSS 0.00024
Exploits: 0 | References: 4

SUSE CVE
added 6 days ago, 7 views

SUSE CVE-2026-6657

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the allow_origin_pat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This allow...

CVSS 6.1 | AI score 6 | EPSS 0.00024
Exploits: 0 | References: 3

RedhatCVE
added 2026/06/04 12:39 p.m., 8 views

CVE-2026-40934

A flaw was found in Jupyter Server. The secret used to sign authentication cookies is not rotated when a user changes their password, allowing previously issued authentication cookies to remain valid. A remote attacker who has captured a session cookie can retain full authenticated access to the...

CVSS 7.6 | AI score 5.8 | EPSS 0.00021
Exploits: 1 | References: 4

OSV
added 2026/06/04 12:0 a.m., 6 views

UBUNTU-CVE-2026-6657

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allow...

CVSS 6.1 | AI score 5.8 | EPSS 0.00024
Exploits: 0 | References: 3

Tenable Nessus
added 2026/06/04 12:0 a.m., 7 views

JetBrains PyCharm < 2025.3.4 Stored XSS

According to its self-reported version, the JetBrains PyCharm installation on the remote host is prior to 2025.3.4. It is, therefore, affected by a stored cross-site scripting (XSS) vulnerability in Jupyter notebook Markdown cells. In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook...

CVSS 6.1 | AI score 5.3 | EPSS 0.00088
Exploits: 0 | References: 2

vulnersOsv
added 2026/06/03 9:37 p.m., 2 views

h2o-notebook (>=0.3.0 <=0.4.1) potentially affected by CVE-2026-44182 via jupyter-enterprise-gateway (=3.2.2)

jupyter-enterprise-gateway PYPI version =3.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on jupyter-enterprise-gateway and may be impacted: h2o-notebook >=0.3.0, <=0.4.1. Source CVEs: CVE-2026-44182. Source advisory: OSV:GHSA-CFW7-6C5V-2WJQ...

AI score 5.5
Exploits: 0

vulnersOsv
added 2026/06/03 9:36 p.m., 2 views

h2o-notebook (>=0.3.0 <=0.4.1) potentially affected by CVE-2026-44181 via jupyter-enterprise-gateway (=3.2.2)

jupyter-enterprise-gateway PYPI version =3.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on jupyter-enterprise-gateway and may be impacted: h2o-notebook >=0.3.0, <=0.4.1. Source CVEs: CVE-2026-44181. Source advisory: OSV:GHSA-F49J-V924-FX9W...

AI score 5.5
Exploits: 0

Github Security Blog
added 2026/06/03 9:30 p.m., 7 views

Jupyter Enterprise Gateway: ContainerProcessProxy._enforce_prohibited_ids Bypass

Summary: Jupyter Enterprise Gateway has a prohibited UID and GID feature that by default prevents launching kernels with UID or GID 0 (root). This can be bypassed. It is possible to launch kernels with a prohibited UID and/or GID by using a specially crafted KERNEL_UID or KERNEL_GID value. The feature...

AI score 6.1
Exploits: 0 | References: 3 | Affected Software: 1

vulnersOsv
added 2026/06/03 9:30 p.m., 2 views

h2o-notebook (>=0.3.0 <=0.4.1) potentially affected by CVE-2026-44180 via jupyter-enterprise-gateway (=3.2.2)

jupyter-enterprise-gateway PYPI version =3.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on jupyter-enterprise-gateway and may be impacted: h2o-notebook >=0.3.0, <=0.4.1. Source CVEs: CVE-2026-44180. Source advisory: OSV:GHSA-CHQ7-94J8-CJ28...

AI score 5.5
Exploits: 0

NVD
added 2026/06/03 4:16 p.m., 6 views

CVE-2026-6657

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the allow_origin_pat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This allow...

CVSS 6.1 | EPSS 0.00024
Exploits: 0 | References: 1

Cvelist
added 2026/06/03 3:6 p.m., 40 views

CVE-2026-6657 CORS Origin Validation Bypass in jupyter-server

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the allow_origin_pat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This allow...

CVSS 6.1 | EPSS 0.00024
Exploits: 0 | References: 1

ATTACKERKB
added 2026/06/03 3:6 p.m., 4 views

CVE-2026-6657

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the allow_origin_pat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This allow...

CVSS 6.1 | AI score 6.6 | EPSS 0.00024
Exploits: 0 | References: 2

Debian CVE
added 2026/06/03 3:6 p.m., 6 views

CVE-2026-6657

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the allow_origin_pat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This allow...

CVSS 6.1 | AI score 6.6 | EPSS 0.00024
Exploits: 0

Vulnrichment
added 2026/06/03 3:6 p.m., 6 views

CVE-2026-6657 CORS Origin Validation Bypass in jupyter-server

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the allow_origin_pat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This allow...

CVSS 6.1 | AI score 6 | EPSS 0.00024
Exploits: 0 | References: 1

CVE
added 2026/06/03 3:6 p.m., 11 views

CVE-2026-6657

CVE-2026-6657 affects jupyter-server 1.12.0–2.17.0. Root cause: using re.match() to validate the Origin header in allow_origin_pat, causing attacker-controlled domains like trusted.example.com.evil.com to bypass CORS origin checks. Impact stated across CORS headers, WebSocket connections, referer...

CVSS 6.1 | AI score 6.6 | EPSS 0.00024
Exploits: 0 | References: 1

vulnersOsv
added 2026/06/03 3:6 p.m., 2 views

a-mailx (=0.1.0), a2 (>=0.1.0 <=0.3.17) +360 more potentially affected by CVE-2026-6657 via jupyter-server (>=1.13.2 <=2.17.0)

jupyter-server PYPI version =1.13.2, =0.1.0, =0.14.0.3, =0.3.0, =0.1.0b0, =1.3.4, =0.18.3, =0.1.0, =1.0.1, =0.1.0, =0.14.0 and more Source cves: CVE-2026-6657 Source advisory: SNYK:PYTHON-JUPYTERSERVER-17220130...

CVSS 6.1 | AI score 6.3 | EPSS 0.00024
Exploits: 0