Lucene search
K

4 matches found

NVD
NVD
added 2026/06/24 9:16 p.m.5 views

CVE-2026-52798

Gogs is an open source self-hosted Git service. Prior to 0.14.3, although .ipynb previews are sanitized on the server side via /-/api/sanitizeipynb, the inserted content is re-rendered on the client side without sanitization using marked on elements with the .nb-markdown-cell class. During this...

8.9CVSS0.00429EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 5:35 p.m.22 views

CVE-2026-48704

Warp Markdown notebooks can trigger opening of executable local files via local-file links in Markdown documents. From Warp versions 0.2023.10.24.08.03.stable_00 through 0.2026.05.06.15.42.stable_01, clicking a local-file link in a rendered Markdown may route the target to a platform file opener ...

8.8CVSS5.9AI score0.00255EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 5:35 p.m.5 views

CVE-2026-48704 Warp Markdown notebook links may open executable local files

Warp is an agentic development environment. From 0.2023.10.24.08.03.stable00 until 0.2026.05.06.15.42.stable01, Warp may open executable local files through the operating system default file handler. A malicious Markdown document or project can contain a local-file link that appears as normal...

8.8CVSS5.9AI score0.00255EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/06 9:43 p.m.10 views

Cross-site Scripting (XSS)

Overview @jupyterlab/rendermime is a JupyterLab - RenderMime Affected versions of this package are vulnerable to Cross-site Scripting XSS via the handling of data-commandlinker-command and data-commandlinker-args attributes in HTML content. An attacker can execute arbitrary commands, including co...

9.3CVSS5.9AI score0.00386EPSS
Exploits0References2
Rows per page
Query Builder