Lucene search
K

2886 matches found

EUVD
EUVD
added 9 hours ago6 views

EUVD-2026-43647

In Eclipse Jetty, an HTTP URI of this form: /public;/../admin/secret.txt results in an unresolved path of: /public/../admin/secret.txt instead of the expected: /admin/secret.txt Jetty itself is not affected, as it will not serve the secret.txt file because it will not pass the alias checker only...

5.3CVSS6.1AI score
Exploits0References1
Nuclei
Nuclei
added 11 hours ago40 views

Twisted - Open Redirect & XSS

Twisted is an event-based framework for internet applications, supporting Python 3.6+. The Twisted web framework's redirectTo function is vulnerable to reflected XSS if an attacker can control the redirect URL. This template tests for an open redirect and XSS vulnerability in the URL parameter...

6.1CVSS6.3AI score0.01176EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday245 views

Kyocera TASKalfa printer - Path Traversal

CCRX has a Path Traversal vulnerability. Path Traversal is an attack on web applications. By manipulating the value of the file path, an attacker can gain access to the file system, including source code and critical system settings. id: CVE-2023-34259 info: name: Kyocera TASKalfa printer - Path...

4.9CVSS6.7AI score0.60745EPSS
Exploits2References5
Fedora
Fedora
added 2026/07/05 12:52 a.m.8 views

[SECURITY] Fedora 43 Update: python-jupyter-server-2.20.0-1.fc43

The Jupyter Server provides the backend i.e. the core services, APIs, and REST endpoints for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila...

9.3CVSS5.9AI score0.00227EPSS
Exploits0
OSV
OSV
added 2026/06/30 1:16 a.m.4 views

DEBIAN-CVE-2026-12243

NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue 3504. The UNSAFENOPROTOCOLRE regex in nltk/data.py checks for literal ../ sequences but fails to account for percent-encoded traversal sequences such as ..%2f. The url2pathname function decodes...

7.5CVSS7.2AI score0.0051EPSS
Exploits1References1
OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-394 llama_index vulnerable to SQL Injection

Multiple vector store integrations in run-llama/llamaindex version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index...

9.8CVSS7.4AI score0.00581EPSS
Exploits1References6
Microsoft CVE
Microsoft CVE
added 2026/06/16 2:13 a.m.9 views

Chromium: CVE-2026-11642 Use after free in Web Apps

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.3CVSS5.2AI score0.00231EPSS
Exploits0
Snyk
Snyk
added 2026/06/08 12:0 a.m.9 views

Directory Traversal

Overview org.springframework:spring-webflux is a Spring Framework module that contains support for reactive HTTP and WebSocket clients as well as for reactive server web applications including REST, HTML browser, and WebSocket style interactions. Affected versions of this package are vulnerable t...

8.2CVSS6.3AI score0.00341EPSS
Exploits0References2
Fedora
Fedora
added 2026/05/23 12:58 a.m.19 views

[SECURITY] Fedora 44 Update: dotnet10.0-10.0.108-1.fc44

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

7.5CVSS5.7AI score0.0243EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Jetty9

In Eclipse Jetty versions 1.0 through 9.4.32.v20200930, 10.0.0alpha1 through 10.0.0.beta2, and 11.0.0alpha1 through 11.0.0.beta2O, on Unix-like systems, the system’s temporary directory is shared among all users on that system. A collocated user can observe the process of creating a temporary...

7CVSS7.2AI score0.043EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/12 8:2 p.m.14 views

EUVD-2026-29801

Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath function is supposed to sandbox this access, but its blocklist i...

9.3CVSS5.9AI score0.01102EPSS
Exploits2References1
ICS
ICS
added 2026/05/12 12:0 a.m.24 views

Siemens gWAP

SUMMARY Siemens gPROMS Web Applications Publisher gWAP is affected by a remote code execution vulnerability introduced through a third-party component, namely the Axios HTTP client library. The vulnerability stems from a specific "Gadget" attack chain that allows prototype pollution in other...

9CVSS7.7AI score0.01815EPSS
Exploits5References10
UbuntuCve
UbuntuCve
added 2026/05/05 10:16 p.m.10 views

CVE-2026-40934

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at /.local/share/jupyter/runtime/jupytercookiesecret and is never rotated when a user changes their password. After a password...

7.6CVSS5.7AI score0.00308EPSS
Exploits1References2
OSV
OSV
added 2026/05/05 10:16 p.m.10 views

UBUNTU-CVE-2026-40934

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at /.local/share/jupyter/runtime/jupytercookiesecret and is never rotated when a user changes their password. After a password...

7.6CVSS5.7AI score0.00308EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/05/05 10:16 p.m.9 views

CVE-2026-40110

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match to check incoming origins against the alloworiginpat configuration value. Because re.match only anchors at the start of the string and does not require a...

7.6CVSS5.8AI score0.00333EPSS
Exploits0References5
OSV
OSV
added 2026/05/05 10:16 p.m.7 views

UBUNTU-CVE-2026-40110

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match to check incoming origins against the alloworiginpat configuration value. Because re.match only anchors at the start of the string and does not require a...

7.6CVSS5.8AI score0.00333EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/05/05 8:16 p.m.11 views

CVE-2026-35397

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured rootdir and access sibling directories whose names begin with the same prefix as the rootdir. For exampl...

8.8CVSS5.8AI score0.00583EPSS
Exploits2References2
OSV
OSV
added 2026/05/05 8:16 p.m.9 views

UBUNTU-CVE-2026-35397

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured rootdir and access sibling directories whose names begin with the same prefix as the rootdir. For exampl...

8.8CVSS5.8AI score0.00583EPSS
Exploits2References3
UbuntuCve
UbuntuCve
added 2026/05/05 4:16 p.m.9 views

CVE-2025-61669

Jupyter Server is the backend for Jupyter web applications. In jupyterserver versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in LoginFormHandler.redirectsafe, which allows redirects to arbitrary external domains via values such as ///example.com. An...

6.3CVSS5.7AI score0.00265EPSS
Exploits1References2
OSV
OSV
added 2026/05/05 4:16 p.m.9 views

UBUNTU-CVE-2025-61669

Jupyter Server is the backend for Jupyter web applications. In jupyterserver versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in LoginFormHandler.redirectsafe, which allows redirects to arbitrary external domains via values such as ///example.com. An...

6.3CVSS5.9AI score0.00265EPSS
Exploits1References3
Rows per page
Query Builder