828 matches found
CLSA-2026-1778237657 binutils: Fix of 4 CVEs
CVE-2025-5244: fix ld segfault on fuzzed object via NULL group head - CVE-2025-5245: fix segv in objdump debugtypesamep and debugwritetype on incomplete enum types - CVE-2026-3441: fix xcofflink XTYLD xscnlen out-of-bounds index - CVE-2026-3442: fix xcofflink rsymndx out-of-bounds sym hash index...
SUSE CVE-2026-40171
In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...
Cross-site Scripting (XSS)
Overview @jupyterlab/apputils is a JupyterLab - Application Utilities Affected versions of this package are vulnerable to Cross-site Scripting XSS via the handling of data-commandlinker-command and data-commandlinker-args attributes in HTML content. An attacker can execute arbitrary commands,...
Cross-site Scripting (XSS)
Overview @jupyterlab/rendermime-interfaces is a JupyterLab - Interfaces for Mime Renderers Affected versions of this package are vulnerable to Cross-site Scripting XSS via the handling of data-commandlinker-command and data-commandlinker-args attributes in HTML content. An attacker can execute...
GHSA-MQCG-5X36-VFCG JupyterLab's command linker attributes in HTML enable one-click command execution from untrusted content
JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all click events on document.body and executes the named command without checking whether the element came from trusted JupyterLab UI. A notebook with ...
CVE-2026-40171
In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...
CVE-2026-40171
In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...
CVE-2026-40171 Jupyter Notebook and JupyterLab token theft via stored XSS in help command linker
In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...
CVE-2026-40171 Jupyter Notebook and JupyterLab token theft via stored XSS in help command linker
In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...
Jupyter多款产品 跨站脚本漏洞
Jupyter Notebook is an open-source web application developed by Project Jupyter, designed for creating and sharing code along with explanatory text documents. JupyterLab is another open-source project developed by JupyterLab, offering an extensible environment for interactive and reproducible...
CLSA-2026-1777890711 flatpak: Fix of CVE-2026-34079
CVE-2026-34079: fix arbitrary host file deletion via app-controlled ld.so cache symlink in flatpakswitchsymlinkandremove...
WordPress Internal Link Juicer: SEO Auto Linker for WordPress plugin <= 2.24.6 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Internal Link Juicer: SEO Auto Linker for WordPress versions = 2.24.6...
Open Redirect
Overview notebook is a web application that allows you to create and share documents that contain live code, equations, visualizations, and explanatory text. Affected versions of this package are vulnerable to Open Redirect in the CommandLinker class. An attacker can steal authentication tokens a...
Open Redirect
Overview @jupyter-notebook/help-extension is a Jupyter Notebook - Help Extension Affected versions of this package are vulnerable to Open Redirect in the CommandLinker class. An attacker can steal authentication tokens and gain unauthorized access to user accounts by convincing a user to open a...
Amazon Linux 2023 : flatpak, flatpak-devel, flatpak-libs (ALAS2023-2026-1601)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1601 advisory. A complete sandbox escape vulnerability exists in Flatpak before 1.16.4. The Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitra...
Malicious code in pdf-linker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14402ea1542260a2cb6471902d5e0d037fecb136e1f2b2995b2741eb775f495d The package pdf-linker was found to contain malicious code. Source: ghsa-malware b496570e3a5a77b10f653cddc3b93d0ae974b01b253f0468a02c169c9fc0eb2c Any...
MAL-2026-2677 Malicious code in pdf-linker (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14402ea1542260a2cb6471902d5e0d037fecb136e1f2b2995b2741eb775f495d The package pdf-linker was found to contain malicious code. Source: ghsa-malware b496570e3a5a77b10f653cddc3b93d0ae974b01b253f0468a02c169c9fc0eb2c Any...
SUSE CVE-2026-34983
Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by guest Wasm programs. It can only be triggered by a specific sequence of embedder API calls made by the host. Specifically, the following...
CLSA-2026-1776069613 Fix CVE(s): CVE-2026-3441, CVE-2026-3442
SECURITY UPDATE: buffer overflow in xcoff linker - debian/patches/CVE-2026-3441CVE-2026-3442.patch: properly bounds check XTYLD xscnlen index in xcofflinkaddsymbols - CVE-2026-3441 SECURITY UPDATE: out-of-bounds read in xcoff linker - debian/patches/CVE-2026-3441CVE-2026-3442.patch: sanity check...
Exploit for Out-of-bounds Write in Netapp Bootstrap_Os
CVE-2023-4911 "Looney Tunables" 분석 환경 GNU C Libraryglibc...