CVE-2026-40864

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

Cross-site Request Forgery (CSRF)

Overview jupyterhub is a JupyterHub: A multi-user server for Jupyter notebooks Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the handling of HTTP form endpoints when requests with the Sec-Fetch-Mode: no-cors header are incorrectly treated as same-origin,...

CVE-2025-68056

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup LBG Zoominoutslider lbgzoominoutslider allows SQL Injection.This issue affects LBG Zoominoutslider: from n/a through = 5.4.4...

EximiousSoft Banner Maker v5.45 Handles BMP with Memory Corruption Vulnerability

EximiousSoft Banner Maker is an image manipulation tool. EximiousSoft Banner Maker suffers from a memory corruption vulnerability when processing the BMP format. An attacker can cause the program to crash by constructing a malformed BMP image, which if successfully exploited can lead to arbitrary...