Lucene search
+L

828 matches found

osv
osv
added 2026/05/08 10:54 a.m.37 views

CLSA-2026-1778237657 binutils: Fix of 4 CVEs

CVE-2025-5244: fix ld segfault on fuzzed object via NULL group head - CVE-2025-5245: fix segv in objdump debugtypesamep and debugwritetype on incomplete enum types - CVE-2026-3441: fix xcofflink XTYLD xscnlen out-of-bounds index - CVE-2026-3442: fix xcofflink rsymndx out-of-bounds sym hash index...

7.8CVSS6AI score0.00255EPSS
Exploits3References1
susecve
susecve
added 2026/05/08 2:22 a.m.10 views

SUSE CVE-2026-40171

In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...

8.4CVSS6AI score0.00476EPSS
Exploits0References3
snyk
snyk
added 2026/05/06 9:43 p.m.11 views

Cross-site Scripting (XSS)

Overview @jupyterlab/apputils is a JupyterLab - Application Utilities Affected versions of this package are vulnerable to Cross-site Scripting XSS via the handling of data-commandlinker-command and data-commandlinker-args attributes in HTML content. An attacker can execute arbitrary commands,...

9.3CVSS5.9AI score0.00386EPSS
Exploits0References2
snyk
snyk
added 2026/05/06 9:43 p.m.11 views

Cross-site Scripting (XSS)

Overview @jupyterlab/rendermime-interfaces is a JupyterLab - Interfaces for Mime Renderers Affected versions of this package are vulnerable to Cross-site Scripting XSS via the handling of data-commandlinker-command and data-commandlinker-args attributes in HTML content. An attacker can execute...

9.3CVSS5.9AI score0.00386EPSS
Exploits0References2
osv
osv
added 2026/05/06 9:43 p.m.4 views

GHSA-MQCG-5X36-VFCG JupyterLab's command linker attributes in HTML enable one-click command execution from untrusted content

JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all click events on document.body and executes the named command without checking whether the element came from trusted JupyterLab UI. A notebook with ...

9.6CVSS6.4AI score0.00386EPSS
Exploits0References4
nvd
nvd
added 2026/05/06 8:16 p.m.33 views

CVE-2026-40171

In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...

8.4CVSS0.00476EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2026/05/06 8:16 p.m.10 views

CVE-2026-40171

In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...

8.4CVSS6AI score0.00476EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/06 7:36 p.m.8 views

CVE-2026-40171 Jupyter Notebook and JupyterLab token theft via stored XSS in help command linker

In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...

8.4CVSS6AI score0.00476EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/06 7:36 p.m.34 views

CVE-2026-40171 Jupyter Notebook and JupyterLab token theft via stored XSS in help command linker

In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...

8.4CVSS0.00476EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/06 12:0 a.m.16 views

Jupyter多款产品 跨站脚本漏洞

Jupyter Notebook is an open-source web application developed by Project Jupyter, designed for creating and sharing code along with explanatory text documents. JupyterLab is another open-source project developed by JupyterLab, offering an extensible environment for interactive and reproducible...

8.4CVSS5.8AI score0.00476EPSS
Exploits0References1
osv
osv
added 2026/05/05 11:30 p.m.14 views

CLSA-2026-1777890711 flatpak: Fix of CVE-2026-34079

CVE-2026-34079: fix arbitrary host file deletion via app-controlled ld.so cache symlink in flatpakswitchsymlinkandremove...

8.7CVSS5.9AI score0.00323EPSS
Exploits0References1
patchstack
patchstack
added 2026/05/01 9:31 a.m.10 views

WordPress Internal Link Juicer: SEO Auto Linker for WordPress plugin <= 2.24.6 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Internal Link Juicer: SEO Auto Linker for WordPress versions = 2.24.6...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
snyk
snyk
added 2026/04/30 5:25 p.m.9 views

Open Redirect

Overview notebook is a web application that allows you to create and share documents that contain live code, equations, visualizations, and explanatory text. Affected versions of this package are vulnerable to Open Redirect in the CommandLinker class. An attacker can steal authentication tokens a...

8.8CVSS6AI score0.00476EPSS
Exploits0References3
snyk
snyk
added 2026/04/30 5:25 p.m.4 views

Open Redirect

Overview @jupyter-notebook/help-extension is a Jupyter Notebook - Help Extension Affected versions of this package are vulnerable to Open Redirect in the CommandLinker class. An attacker can steal authentication tokens and gain unauthorized access to user accounts by convincing a user to open a...

8.8CVSS6AI score0.00476EPSS
Exploits0References3
nessus
nessus
added 2026/04/30 12:0 a.m.5 views

Amazon Linux 2023 : flatpak, flatpak-devel, flatpak-libs (ALAS2023-2026-1601)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1601 advisory. A complete sandbox escape vulnerability exists in Flatpak before 1.16.4. The Flatpak portal accepts paths in the sandbox-expose options which can be app-controlled symlinks pointing at arbitra...

10CVSS6AI score0.0168EPSS
Exploits0References6
ossf
ossf
added 2026/04/15 3:12 a.m.6 views

Malicious code in pdf-linker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14402ea1542260a2cb6471902d5e0d037fecb136e1f2b2995b2741eb775f495d The package pdf-linker was found to contain malicious code. Source: ghsa-malware b496570e3a5a77b10f653cddc3b93d0ae974b01b253f0468a02c169c9fc0eb2c Any...

5.7AI score
Exploits0References1
osv
osv
added 2026/04/15 3:12 a.m.5 views

MAL-2026-2677 Malicious code in pdf-linker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 14402ea1542260a2cb6471902d5e0d037fecb136e1f2b2995b2741eb775f495d The package pdf-linker was found to contain malicious code. Source: ghsa-malware b496570e3a5a77b10f653cddc3b93d0ae974b01b253f0468a02c169c9fc0eb2c Any...

5.7AI score
Exploits0References1
susecve
susecve
added 2026/04/14 11:25 p.m.8 views

SUSE CVE-2026-34983

Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by guest Wasm programs. It can only be triggered by a specific sequence of embedder API calls made by the host. Specifically, the following...

1CVSS5.8AI score0.00117EPSS
Exploits0References3
osv
osv
added 2026/04/13 8:40 a.m.10 views

CLSA-2026-1776069613 Fix CVE(s): CVE-2026-3441, CVE-2026-3442

SECURITY UPDATE: buffer overflow in xcoff linker - debian/patches/CVE-2026-3441CVE-2026-3442.patch: properly bounds check XTYLD xscnlen index in xcofflinkaddsymbols - CVE-2026-3441 SECURITY UPDATE: out-of-bounds read in xcoff linker - debian/patches/CVE-2026-3441CVE-2026-3442.patch: sanity check...

7.1CVSS6AI score0.00255EPSS
Exploits1References1
githubexploit
githubexploit
added 2026/04/11 6:1 p.m.132 views

Exploit for Out-of-bounds Write in Netapp Bootstrap_Os

CVE-2023-4911 "Looney Tunables" 분석 환경 GNU C Libraryglibc...

7.8CVSS6.9AI score0.81422EPSS
Exploits28
Rows per page
Query Builder