CVE-2026-5422

A flaw was found in jupyter-server. This path traversal vulnerability exists due to insufficient validation of file paths, specifically an incorrect root directory boundary check and improper handling of directory traversal sequences. This allows a remote attacker with low privileges to bypass...

EUVD-2026-33905

A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the getospath function within jupyterserver/services/contents/fileio.py. The check uses startswithroot without appending a trailing path separator, allowing sibling...

Behind the Curtain: How Shared Hosting Providers Respond to Vulnerability Notifications

Large-scale vulnerability notifications VNs can help hosting provider organizations HPOs identify and remediate security vulnerabilities that attackers can exploit in data breaches or phishing campaigns. Previous VN studies have primarily focused on factors under the control of reporters, such as...

EUVD-2012-1274

Malware in sbrugna...

EUVD-2021-13996

Malware in sbrugna...

EUVD-2015-9096

Malware in sbrugna...

EUVD-2023-32128

Malicious code in bioql PyPI...

EUVD-2023-2887

Malicious code in bioql PyPI...

EUVD-2024-43986

Malicious code in bioql PyPI...

EUVD-2025-18564

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-5550

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server...

Linux Distros Unpatched Vulnerability : CVE-2024-34002

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore feedback modules...

Linux Distros Unpatched Vulnerability : CVE-2024-34003

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore workshop modules...

Linux Distros Unpatched Vulnerability : CVE-2024-34005

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore database activity...

Linux Distros Unpatched Vulnerability : CVE-2024-34004

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore wiki modules and...

World-Writable NLTK Cache Directory Enables Local Users to Tamper with or Delete NLP Data

Description The llamaindex library sets the NLTK data directory to a subdirectory of the codebase by default e.g., static/nltkcache inside the package directory. In multi-user environments or shared hosting, this directory is world-writable or accessible by multiple users. As a result, any user c...

CVE-2023-28440

Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout. This has the greatest potential impact in shared hosting environments where admins are untruste...

CVE-2023-5414

The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the showeslogs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including...

CVE-2023-5504

The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default...

CVE-2021-27231

Hestia Control Panel 1.3.5 and below, in a shared-hosting environment, sometimes allows remote authenticated users to create a subdomain for a different customer's domain name, leading to spoofing of services or email messages...