311 matches found

GithubExploit
added 2026/06/13 7:11 a.m. | 106 views

Exploit for Cross-Site Request Forgery (CSRF) in Jupyter Jupyterhub

CVE-2026-40864 — JupyterHub XSRF bypass via cross-origin form...

CVSS 5.4 | AI score 5.5 | EPSS 0.00159
Exploits: 1
OSV
added 2026/06/08 1:50 p.m. | 2 views

CLEANSTART-2026-MJ28981 Security fixes for CVE-2026-42304, CVE-2026-44307, CVE-2026-48522, CVE-2026-48523, CVE-2026-48524, CVE-2026-48525, CVE-2026-48526, ghsa-2h4p-vjrc-8xpq, ghsa-grgv-6hw6-v9g4 applied in versions: 4.3.5-r0, 4.3.5-r1

Multiple security vulnerabilities affect the jupyterhub-k8s-hub package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 8.7 | AI score 5.8 | EPSS 0.00609
Exploits: 6 | References: 17
Wolfi
added 2026/05/29 7:48 p.m. | 23 views

CVE-2026-40864 vulnerabilities

Vulnerabilities for packages: py3-jupyterhub...

CVSS 5.4 | AI score 5.8 | EPSS 0.00159
Exploits: 1
Wolfi
added 2026/05/29 7:48 p.m. | 18 views

GHSA-M68R-V472-JGQ9 vulnerabilities

Vulnerabilities for packages: py3-jupyterhub...

AI score 5.8
Exploits: 0
Chainguard
added 2026/05/29 7:38 p.m. | 11 views

GHSA-M68R-V472-JGQ9 vulnerabilities

Vulnerabilities for packages: py3-jupyterhub...

AI score 5.8
Exploits: 0
Chainguard
added 2026/05/29 7:38 p.m. | 14 views

CVE-2026-40864 vulnerabilities

Vulnerabilities for packages: py3-jupyterhub...

CVSS 5.4 | AI score 5.8 | EPSS 0.00159
Exploits: 1
Tenable Nessus
added 2026/05/25 12:0 a.m. | 15 views

Linux Distros Unpatched Vulnerability : CVE-2026-40864

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0...

CVSS 5.4 | AI score 5.5 | EPSS 0.00159
Exploits: 1 | References: 3
OSV
added 2026/05/22 9:16 p.m. | 8 views

DEBIAN-CVE-2026-40864

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

CVSS 4.3 | AI score 5.8 | EPSS 0.00159
Exploits: 1 | References: 1
NVD
added 2026/05/22 9:16 p.m. | 16 views

CVE-2026-40864

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

CVSS 5.4 | EPSS 0.00159
Exploits: 1 | References: 2
OSV
added 2026/05/22 9:16 p.m. | 4 views

UBUNTU-CVE-2026-40864

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

CVSS 5.4 | AI score 5.8 | EPSS 0.00159
Exploits: 1 | References: 4
UbuntuCve
added 2026/05/22 9:16 p.m. | 8 views

CVE-2026-40864

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

CVSS 5.4 | AI score 5.7 | EPSS 0.00159
Exploits: 1 | References: 3
Cvelist
added 2026/05/22 8:13 p.m. | 20 views

CVE-2026-40864 JupyterHub: Cross-origin form POSTs bypass XSRF

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

CVSS 5.4 | EPSS 0.00159
Exploits: 1 | References: 2
EUVD
added 2026/05/22 8:13 p.m. | 10 views

EUVD-2026-31499

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

CVSS 5.4 | AI score 5.8 | EPSS 0.00159
Exploits: 1 | References: 2
Vulnrichment
added 2026/05/22 8:13 p.m. | 7 views

CVE-2026-40864 JupyterHub: Cross-origin form POSTs bypass XSRF

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

CVSS 5.4 | AI score 5.8 | EPSS 0.00159
Exploits: 1 | References: 2
Debian CVE
added 2026/05/22 8:13 p.m. | 8 views

CVE-2026-40864

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

CVSS 5.4 | AI score 5.8 | EPSS 0.00159
Exploits: 1
ATTACKERKB
added 2026/05/22 8:13 p.m. | 10 views

CVE-2026-40864

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

CVSS 5.4 | AI score 5.8 | EPSS 0.00159
Exploits: 1 | References: 3 | Affected Software: 1
CVE
added 2026/05/22 8:13 p.m. | 39 views

CVE-2026-40864

Affected software: JupyterHub (versions 4.1.0–5.4.4). Vulnerability: Cross-origin form POSTs bypass XSRF because XSRF protection treated requests with Sec-Fetch-Mode: no-cors as same-origin, affecting HTTP form endpoints (e.g., /hub/spawn, /hub/accept-share). The JSON API is not affected. Impact ...

CVSS 5.4 | AI score 5.8 | EPSS 0.00159
Exploits: 1 | References: 2 | Affected Software: 1
CNNVD
added 2026/05/22 12:0 a.m. | 10 views

JupyterHub cross-site request forgery vulnerability

JupyterHub is an open-source service designed for multi-user environments using Jupyter. Versions 4.1.0 to 5.4.4 of JupyterHub contain a cross-site request forgery vulnerability. This vulnerability arises from the improper handling of XSRF protections, which mistakenly treat requests with the...

CVSS 5.4 | AI score 5.7 | EPSS 0.00159
Exploits: 1 | References: 2
OSV
added 2026/05/18 1:34 p.m. | 5 views

CLEANSTART-2026-CR27895 Security fixes for CVE-2026-42304, CVE-2026-44307, ghsa-2h4p-vjrc-8xpq, ghsa-grgv-6hw6-v9g4 applied in versions: 4.3.5-r0

Multiple security vulnerabilities affect the jupyterhub-k8s-hub package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 8.7 | AI score 5.8 | EPSS 0.00609
Exploits: 2 | References: 7
OSV
added 2026/05/18 1:28 p.m. | 6 views

CLEANSTART-2026-UO66475 Security fixes for CVE-2026-42304, CVE-2026-44307, ghsa-2h4p-vjrc-8xpq, ghsa-grgv-6hw6-v9g4 applied in versions: 5.4.6-r0

Multiple security vulnerabilities affect the py3-jupyterhub package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 8.7 | AI score 5.8 | EPSS 0.00609
Exploits: 2 | References: 7