12 matches found
GHSA-37W4-HWHX-4RC4 JupyterLab has an Extension Manager API/GUI Policy Discrepancy, allowing 3rd party (malicious) extensions install via POST request
The allow-list of extensions that can be installed from PyPI Extension Manager allowedextensionsuris is not correctly enforced by JupyterLab prior to 4.5.7. The PyPI Extension Manager was not contained to packages listed on the default PyPI index. This has security implications for deployments...
CVE-2025-14265
In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of...
CVE-2025-14265
In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of...
CVE-2025-14265
In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of...
CVE-2025-14265
CVE-2025-14265 (ScreenConnect) affects the ScreenConnect server component (not host/guest clients). The issue is due to insufficient server-side validation and integrity checks within the extension subsystem, allowing the installation and execution of untrusted or arbitrary extensions by authoriz...
CVE-2025-14265 Improper server-side validation in ScreenConnect extension framework
In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of...
EUVD-2025-202687
In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of...
CVE-2025-14265 Improper server-side validation in ScreenConnect extension framework
In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of...
PT-2025-50611
Name of the Vulnerable Software and Affected Versions ScreenConnect versions prior to 25.8 Description The ScreenConnect server component, in versions prior to 25.8, has insufficient server-side validation and integrity checks within its extension subsystem. This allows the installation and...
CVE-2025-66022
FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to version 1.7.1, an extension execution path in Faction’s extension framework permits untrusted extension code to execute arbitrary system commands on the server when a lifecycle hook is invoked, resulting in remote cod...
EUVD-2025-199690
FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to version 1.7.1, an extension execution path in Faction’s extension framework permits untrusted extension code to execute arbitrary system commands on the server when a lifecycle hook is invoked, resulting in remote cod...
OpenJDK: untrusted extension directories search path in Launcher (JCE, 8163528)
An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges...