CVE-2026-40864

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

JupyterHub 跨站请求伪造漏洞

JupyterHub is an open-source service designed for multi-user environments using Jupyter. Versions 4.1.0 to 5.4.4 of JupyterHub contain a cross-site request forgeing vulnerability. This vulnerability arises from the improper handling of XSRF protections, which mistakenly treat requests with the...

AeroCMS 0.0.1 Shell Upload

AeroCMS-Unrestricted-File-Upload-POC Author: D4rkP0w4r Description = Upload web shell at Post Image in admin panel Step to Reproduct Login to admin panel - Posts - Add Posts - Post Image - upload malicious file shell.php - access /images/shell.php on url - shell.php page Exploit When upload succe...

Cab Management System 1.0 Remote Code Execution

Exploit Title: Cab Management System 1.0 - Remote Code Execution RCE Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.sourcecodester.com/php/15180/cab-management-system-phpoop-free-source-code.html Version : 1.0 Tested on: windows 10 xammp | Kali...