
18 matches found

UbuntuCve
added 2026/05/22 9:16 p.m. · 7 views

CVE-2026-40864

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

5.4 CVSS · 5.7 AI score · 0.00009 EPSS
Exploits 0 · References 3

Debian CVE
added 2026/05/22 8:13 p.m. · 3 views

CVE-2026-40864

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

5.4 CVSS · 5.8 AI score · 0.00009 EPSS
Exploits 0

Github Security Blog
added 2026/05/05 6:10 p.m. · 5 views

JupyterHub has cross-origin form POSTs bypass XSRF (CWE-352)

Summary JupyterHub's XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, which they are not, bypassing XSRF checks. The JSON API is not affected, only HTTP form endpoints, such as /hub/spawn and /hub/accept-share, meaning attacke...

5.4 CVSS · 5.8 AI score · 0.00009 EPSS
Exploits 0 · References 2 · Affected Software 1

CNNVD
added 2026/03/05 12:0 a.m. · 2 views

WordPress plugin LBG Zoominoutslider security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1 CVSS · 5.7 AI score · 0.00045 EPSS
Exploits 0 · References 1

NVD
added 2025/12/16 9:16 a.m. · 2 views

CVE-2025-68056

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup LBG Zoominoutslider lbgzoominoutslider allows SQL Injection. This issue affects LBG Zoominoutslider: from n/a through = 5.4.4...

8.5 CVSS · 0.00034 EPSS
Exploits 0 · References 1

CVE
added 2025/12/16 8:13 a.m. · 6 views

CVE-2025-68056

CVE-2025-68056 affects the WordPress plugin LBG Zoominoutslider (LambertGroup)

8.5 CVSS · 5.9 AI score · 0.00034 EPSS
Exploits 0 · References 1

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2018-6848

Malware in sbrugna...

8.8 CVSS · 8.8 AI score · 0.00138 EPSS
Exploits 1 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2018-6846

Malware in sbrugna...

5.4 CVSS · 5.5 AI score · 0.00206 EPSS
Exploits 1 · References 2

SUSE CVE
added 2025/08/26 11:25 p.m. · 1 views

SUSE CVE-2025-8077

A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in admin account. If this password is not changed immediately after deployment, any workload with network access within the cluster could use the default...

9.8 CVSS · 7.1 AI score · 0.00098 EPSS
Exploits 0 · References 4

RedhatCVE
added 2025/05/23 3:37 a.m. · 4 views

CVE-2023-30475

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Elliot Sowersby, RelyWP WooCommerce Affiliate Plugin – Coupon Affiliates plugin = 5.4.5 versions...

7.1 CVSS · 5.9 AI score · 0.00104 EPSS
Exploits 0 · References 1

CNNVD
added 2025/01/02 12:0 a.m. · 1 views

WordPress plugin kk Star Ratings security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

5.3 CVSS · 8.7 AI score · 0.00208 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/01/02 12:0 a.m. · 2 views

PT-2025-1527 · Unknown · Feedbackwp Kk Star Ratings

Name of the Vulnerable Software and Affected Versions: FeedbackWP kk Star Ratings versions through 5.4.5 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions through...

5.3 CVSS · 9.4 AI score · 0.00208 EPSS
Exploits 0 · References 3

VulnCheck KEV
added 2023/12/03 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2021-27850

A critical unauthenticated remote code execution vulnerability was found in all recent versions of Apache Tapestry. The affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. The vulnerability I have found is a bypass of the fix for CVE-2019-0195. Recap: Before the fix of CVE-2019-0195 it was...

10 CVSS · 7.8 AI score · 0.94219 EPSS
Exploits 5 · References 1

Patchstack
added 2021/06/14 12:0 a.m. · 32 views

WordPress Jannah premium theme <= 5.4.4 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Truoc Phan in WordPress Jannah premium theme versions <= 5.4.4. Solution: Update the WordPress Jannah premium theme to the latest available version, at least 5.4.5...

6.1 CVSS · 1.7 AI score · 0.20956 EPSS
Exploits 2 · References 3 · Affected Software 1

Tenable Nessus
added 2021/04/16 12:0 a.m. · 17 views

WordPress 5.4.x < 5.4.5 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - An XML External Entity XXE vulnerability exists in the media library affecting PHP 8. - A data exposure vulnerability exists in the REST API. Note that the scanner has not...

7.1 CVSS · 7 AI score · 0.89975 EPSS
Exploits 21 · References 4

Veracode
added 2019/01/15 9:21 a.m. · 21 views

Arbitrary File Read

libreoffice is vulnerable to arbitrary file read attacks. The vulnerability exists as LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function...

9.8 CVSS · 9 AI score · 0.46181 EPSS
Exploits 5 · References 9 · Affected Software 1

CNVD
added 2018/08/07 12:0 a.m. · 2 views

EMLsoft SQL Injection Vulnerability

EMLsoft is an enterprise address book management system. A SQL injection vulnerability exists in the upload\eml\action\action.user.php file in EMLsoft version 5.4.5. A remote attacker can exploit this vulnerability to view, add, modify or delete information in the back-end database with the help ...

8.8 CVSS · 9 AI score · 0.00232 EPSS
Exploits 1 · References 1

Tenable Nessus
added 2017/06/23 12:0 a.m. · 65 views

Fortinet FortiOS 5.2.x / 5.3.x / 5.4.x < 5.4.5 Multiple XSS (FG-IR-17-127)

The version of Fortinet FortiOS running on the remote device is 5.2.x, 5.3.x, or 5.4.x prior to 5.4.4. It is, therefore, affected by multiple cross-site scripting XSS vulnerabilities : - A cross-site scripting XSS vulnerability exists when saving configuration revisions due to improper validation...

5.4 CVSS · 5.9 AI score · 0.00305 EPSS
Exploits 0 · References 3