Lucene search
K

12 matches found

OSV
OSV
added 2026/05/05 8:53 p.m.5 views

GHSA-37W4-HWHX-4RC4 JupyterLab has an Extension Manager API/GUI Policy Discrepancy, allowing 3rd party (malicious) extensions install via POST request

The allow-list of extensions that can be installed from PyPI Extension Manager allowedextensionsuris is not correctly enforced by JupyterLab prior to 4.5.7. The PyPI Extension Manager was not contained to packages listed on the default PyPI index. This has security implications for deployments...

8.8CVSS5.9AI score0.0053EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/12/12 3:11 p.m.6 views

CVE-2025-14265

In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of...

9.1CVSS7.3AI score0.00324EPSS
Exploits0References1
NVD
NVD
added 2025/12/11 3:15 p.m.11 views

CVE-2025-14265

In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of...

9.1CVSS0.00324EPSS
Exploits0References1
OSV
OSV
added 2025/12/11 3:15 p.m.8 views

CVE-2025-14265

In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of...

9.1CVSS6AI score0.00324EPSS
Exploits0References1
CVE
CVE
added 2025/12/11 2:21 p.m.20 views

CVE-2025-14265

CVE-2025-14265 (ScreenConnect) affects the ScreenConnect server component (not host/guest clients). The issue is due to insufficient server-side validation and integrity checks within the extension subsystem, allowing the installation and execution of untrusted or arbitrary extensions by authoriz...

9.1CVSS6.9AI score0.00324EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/11 2:21 p.m.5 views

CVE-2025-14265 Improper server-side validation in ScreenConnect extension framework

In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of...

9.1CVSS6.9AI score0.00324EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/11 2:21 p.m.4 views

EUVD-2025-202687

In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of...

9.1CVSS6.8AI score0.00324EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/11 2:21 p.m.26 views

CVE-2025-14265 Improper server-side validation in ScreenConnect extension framework

In versions of ScreenConnect™ prior to 25.8, server-side validation and integrity checks within the extension subsystem could allow the installation and execution of untrusted or arbitrary extensions by authorized or administrative users. Abuse of this behavior could result in the execution of...

9.1CVSS0.00324EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.5 views

PT-2025-50611

Name of the Vulnerable Software and Affected Versions ScreenConnect versions prior to 25.8 Description The ScreenConnect server component, in versions prior to 25.8, has insufficient server-side validation and integrity checks within its extension subsystem. This allows the installation and...

9.1CVSS7.9AI score0.00324EPSS
Exploits0References10
NVD
NVD
added 2025/11/26 3:15 a.m.11 views

CVE-2025-66022

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to version 1.7.1, an extension execution path in Faction’s extension framework permits untrusted extension code to execute arbitrary system commands on the server when a lifecycle hook is invoked, resulting in remote cod...

9.8CVSS0.00591EPSS
Exploits1References2
EUVD
EUVD
added 2025/11/26 2:8 a.m.6 views

EUVD-2025-199690

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to version 1.7.1, an extension execution path in Faction’s extension framework permits untrusted extension code to execute arbitrary system commands on the server when a lifecycle hook is invoked, resulting in remote cod...

9.6CVSS8.4AI score0.00591EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2017/12/13 4:48 p.m.2 views

OpenJDK: untrusted extension directories search path in Launcher (JCE, 8163528)

An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges...

7.7CVSS7.3AI score0.00759EPSS
Exploits2References5
Rows per page
Query Builder