CVE-2025-66450

CVE-2025-66450 affects LibreChat. Versions 0.8.0 and below allow an attacker to modify the iconURL parameter in a POST request, causing malicious code to be stored in a chat and potentially shared with others. This can lead to privacy loss for users who view the shared chat link. The issue is add...

EUVD-2019-0095

Malware in sbrugna...

Improper Neutralization of Input During Web Page Generation in Jupyter Notebook

An XSSI cross-site inclusion vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Access to the content of resources has been demonstrated with Internet Explorer through capturing of erro...

CVE-2019-9644

An XSSI cross-site inclusion vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Access to the content of resources has been demonstrated with Internet Explorer through capturing of erro...

CVE-2019-9644

Jupyter Notebook before 5.7.6 is affected by an XSSI vulnerability that allows inclusion of resources on malicious pages when users are authenticated to a Jupyter server. The issue arises from improper handling of cross-site script inclusion and can lead to exposure of resource contents (notably ...

OWLLib OWLLIB_ROOT参数文件包含漏洞

OWLLib是用于访问OWL文件的PHP函数库。 OWLLib在处理用户请求时存在输入验证漏洞，远程攻击者可能利用此漏洞在服务器上以Web进程权限执行任意命令。 OWLLib的owllib/memory/OWLMemoryProperty.php文件中没有正确验证OWLLIBROOT参数的输入，允许攻击者通过包含本地或外部资源任意文件导致执行任意指令。 漏洞相关代码如下： requireonce "$OWLLIBROOT/OWLProperty.php"; requireonce "$OWLLIBROOT/memory/OWLMemoryClass.php";...