6 matches found

OSV
added 2026/06/19 3:11 p.m., 7 views

GHSA-VMHF-C436-HXJ4 JupyterLab: Stored XSS in extension manager through package metadata unsanitized URI protocol

A malicious PyPI package can place a javascript: URL in its project.urls metadata. JupyterLab's Extension Manager renders this as the extension's home-page link without validating the protocol, so a user who clicks the extension name executes attacker-controlled JavaScript in the JupyterLab origi...

CVSS 5.1, AI score 5.9
Exploits: 0, References: 5

Cvelist
added 2026/05/15 4:40 p.m., 44 views

CVE-2026-45037 Tabby: Unsafe protocol handler execution via terminal linkifier allows arbitrary OS protocol invocation

Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without validating the protocol scheme. This allows a malicious SSH or Telnet server to send crafted termina...

CVSS 7.1, EPSS 0.00137
Exploits: 0, References: 1

Tenable Nessus
added 2023/05/03 12:0 a.m., 25 views

GLSA-202305-11 : Tor: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202305-11 Tor: Multiple Vulnerabilities - Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka...

CVSS 7.5, AI score 7, EPSS 0.01685
Exploits: 2, References: 7

NVD
added 2023/01/14 1:15 a.m., 21 views

CVE-2023-23589

The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002...

CVSS 6.5, AI score 6.3, EPSS 0.00832
Exploits: 1, References: 8

OpenVAS
added 2022/02/23 12:0 a.m., 13 views

Cobbler <= 3.3.3 Unsafe Protocol Vulnerability

Cobbler is prone to an unsafe protocol usage vulnerability.

CVSS 5.9, AI score 5.7, EPSS 0.00897
Exploits: 0, References: 2

ATTACKERKB
added 2022/01/12 8:15 p.m., 8 views

CVE-2022-23108

Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission...

CVSS 5.4, AI score 5.6, EPSS 0.00839
Exploits: 0, References: 3