Lucene search
K
ZdtMost viewed

39001 matches found

0day.today
0day.today
added 2019/12/11 12:0 a.m.263 views

Inim Electronics Smartliving SmartLAN 6.x - Hard-coded Credentials Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Inim Electronics Smartliving SmartLAN 6.x - Hard-coded Credentials Exploit Author: LiquidWorm Product web page: https://www.inim.biz Link:...

7.1AI score
Exploits0
0day.today
0day.today
added 2019/06/25 12:0 a.m.263 views

Microsoft Windows - CmpAddRemoveContainerToCLFSLog Arbitrary File/Directory Creation Exploit

Windows: CmpAddRemoveContainerToCLFSLog Arbitrary File/Directory Creation EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The kernel’s CmpAddRemoveContainerToCLFSLog function doesn’t...

7.8CVSS0.03035EPSS
Exploits1
0day.today
0day.today
added 2019/05/22 12:0 a.m.263 views

FreeBSD rtld execl() Privilege Escalation Exploit

This Metasploit module exploits a vulnerability in the FreeBSD run-time link-editor rtld. The rtld unsetenv function fails to remove LD environment variables if findenv fails. This can be abused to load arbitrary shared objects using LDPRELOAD, resulting in privileged code execution. This module...

7.2CVSS0.8AI score0.03903EPSS
Exploits5
0day.today
0day.today
added 2018/11/15 12:0 a.m.263 views

WordPress Custom Frontend Login Registration Form 1.01 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications ======================================================================================== Custom Frontend Login Registration Form v1.01 WP Plugin - Multiple XSS Vulnerabilities...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/11/14 12:0 a.m.263 views

EdTv 2 - id SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: EdTv 2 - 'id' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://edtv.edsup.org/ Software Link: https://ayera.dl.sourceforge.net/project/edtv/beta/edtv2go.zip Version: 2 Category: Webapps Tested on:...

0.3AI score
Exploits0
0day.today
0day.today
added 2014/02/23 12:0 a.m.263 views

Python socket.recvfrom_into() remote buffer overflow exploit

Proof of concept, that demonstrated the remote exploitability of this python socket flaw, if the python code uses recvfrominto unsafelly. To avoid NX, ret2libc can be used thanx to !/usr/bin/env python ''' Exploit Title: python socket.recvfrominto remote buffer overflow Date: 21/02/2014 Exploit...

7.5CVSS0.7AI score0.28319EPSS
Exploits7
0day.today
0day.today
added 2013/07/26 12:0 a.m.263 views

Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution

The Struts 2 DefaultActionMapper supports a method for short-circuit navigation state changes by prefixing parameters with "action:" or "redirect:", followed by a desired navigational target expression. This mechanism was intended to help with attaching navigational information to buttons within...

9.3CVSS0.1AI score0.99998EPSS
Exploits18
0day.today
0day.today
added 2024/10/22 12:0 a.m.262 views

ABB Cylon Aspect 3.08.01 databaseFileDelete.php Command Injection Vulnerability

ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the file HTTP POST parameter called by the databaseFileDelete.php script. ABB Cylon Aspect 3.08.01 databaseFileDelete.p...

8.7AI score
Exploits0
0day.today
0day.today
added 2024/04/15 12:0 a.m.262 views

Online Fire Reporting System OFRS - SQL Injection Authentication Bypass Exploit

Exploit Title: Online Fire Reporting System SQL Injection Authentication Bypass Exploit Author: Diyar Saadi Vendor Homepage: https://phpgurukul.com/online-fire-reporting-system-using-php-and-mysql/ Software Link: https://phpgurukul.com/projects/Online-Fire-Reporting-System-using-PHP.zip Version: ...

7.4AI score
Exploits0
0day.today
0day.today
added 2024/01/31 12:0 a.m.262 views

Grocy <= 4.0.2 - CSRF Vulnerability

Exploit Title: Grocy history.pushState'','', '/'; document.forms0.submit; If a user is logged into the Grocy Webapp at time of execution, a new user will be created in the app with the following credentials Username: hacker Password: test Note: In order for this to work, the target must have Crea...

8.8CVSS8.9AI score0.00375EPSS
Exploits4
0day.today
0day.today
added 2024/01/08 12:0 a.m.262 views

PluXml Blog 5.8.9 Remote Code Execution Vulnerability

Exploit Title: PluXml Blog Version : 5.8.9 - Remote Code Execution Authenticated Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://pluxml.org/ Version : 5.8.9 Tested on: https://www.softaculous.com/apps/cms/PluXml 1 After login Click Static pages Edit Write in content your payloa...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/07/11 12:0 a.m.262 views

BuildaGate5library v5 - Reflected Cross-Site Scripting Vulnerability

Exploit Title: BuildaGate5library v5 - Reflected Cross-Site Scripting XSS Date: 06/07/2023 Exploit Author: Idan Malihi Vendor Homepage: None Version: 5 Tested on: Microsoft Windows 10 Pro CVE : CVE-2023-36163 PoC: An attacker just needs to find the vulnerable parameter mc= and inject the JS code...

6.1CVSS7.1AI score0.02936EPSS
Exploits5
0day.today
0day.today
added 2023/04/02 12:0 a.m.262 views

GitLab v15.3 - Remote Code Execution (Authenticated) Exploit

Exploit Title: GitLab v15.3 - Remote Code Execution RCE Authenticated Exploit Author: Antonio Francesco Sardella Vendor Homepage: https://about.gitlab.com/ Software Link: https://about.gitlab.com/install/ Version: GitLab CE/EE, all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to...

9.9CVSS9.2AI score0.75718EPSS
Exploits4
0day.today
0day.today
added 2023/03/30 12:0 a.m.262 views

Ancillary Function Driver (AFD) For Winsock Privilege Escalation Exploit

A vulnerability exists in the Windows Ancillary Function Driver for Winsock afd.sys can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. Due to a flaw in AfdNotifyRemoveIoCompletion, it is possible to create an arbitrary kernel Write-Where primitive, which can b...

7.8CVSS7.5AI score0.65417EPSS
Exploits13
0day.today
0day.today
added 2023/03/28 12:0 a.m.262 views

X-Skipper-Proxy v0.13.237 - Server Side Request Forgery Vulnerability

Exploit Title: X-Skipper-Proxy v0.13.237 - Server Side Request Forgery SSRF Exploit Author: Hosein Vita & Milad Fadavvi Vendor Homepage: https://github.com/zalando/skipper Software Link: https://github.com/zalando/skipper Version: v0.13.237 Tested on: Linux CVE: CVE-2022-38580 Summary: Skipper...

9.8CVSS9.6AI score0.10573EPSS
Exploits3
0day.today
0day.today
added 2023/03/23 12:0 a.m.262 views

wkhtmltopdf 0.12.6 - Server Side Request Forgery Vulnerability

Exploit Title: wkhtmltopdf 0.12.6 - Server Side Request Forgery Date: 20/8/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://wkhtmltopdf.org Software Link: https://wkhtmltopdf.org/downloads.html Version: 0.12.6 Tested on: Windows ASP.NET POST /PDF/FromHTML HTTP/1.1 Host:...

9.8CVSS9.4AI score0.11276EPSS
Exploits4
0day.today
0day.today
added 2022/09/05 12:0 a.m.262 views

Online Market Place Site 1.0 Cross Site Scripting Vulnerability

Exploit Title: Online Market Place Site v1.0 - Stored Cross-Site Scripting XSS Exploit Author: Joe Pollock Vendor Homepage: https://www.sourcecodester.com/php/15273/online-market-place-site-phpoop-free-source-code.html Software Link:...

5.4CVSS5.6AI score0.00497EPSS
Exploits3
0day.today
0day.today
added 2022/05/17 12:0 a.m.262 views

Showdoc 2.10.3 - Stored Cross-Site Scripting Vulnerability

Exploit Title: Showdoc 2.10.3 - Stored Cross-Site Scripting XSS Exploit Author: Akshay Ravi Vendor Homepage: https://github.com/star7th/showdoc Software Link: https://github.com/star7th/showdoc/releases/tag/v2.10.3 Version: alert1" 2. Login to showdoc v2.10.2 and go to file library Endpoint =...

6.9CVSS5.6AI score0.03274EPSS
Exploits4
0day.today
0day.today
added 2022/02/22 12:0 a.m.262 views

WordPress 99robots Header Footer Code Manager 1.1.16 Cross Site Scripting Vulnerability

The Wordfence Threat Intelligence team responsibly disclosed a reflected Cross-Site Scripting XSS vulnerability in Header Footer Code Manager, a WordPress plugin with over 300,000 installations. The plugin publisher quickly acknowledged our initial contact and we sent the full disclosure details...

6.1CVSS0.1AI score0.02379EPSS
Exploits2
0day.today
0day.today
added 2022/01/17 12:0 a.m.262 views

Cisco IP Phone Cleartext Password Storage Vulnerability

Cisco IP Phone Series 78x1, 88x5, 88x1, 7832, 8832, 8821 and 3905 suffer from an insecure password storage vulnerability. ======================================================================= title: Cleartext Storage of Phone Password product: Cisco IP Phone Series 78x1, 88x5, 88x1, 7832, 8832,...

4.6CVSS5.6AI score0.00351EPSS
Exploits3
0day.today
0day.today
added 2020/08/01 12:0 a.m.262 views

Daily Tracker System 1.0 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Daily Tracker System v1.0 - Reflected Cross Site Scripting XSS Exploit Author: Adeeb Shah Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

0.1AI score
Exploits0
0day.today
0day.today
added 2020/07/20 12:0 a.m.262 views

Daily Expense Tracker 1.0 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Daily Expense Tracker 1.0 - Authentication Bypass Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...

0.3AI score
Exploits0
0day.today
0day.today
added 2020/04/03 12:0 a.m.262 views

Oracle Coherence Fusion Middleware Remote Code Execution Exploit

Exploit Title: Oracle Coherence Fusion Middleware - Remote Author: nu11secur1ty Vendor: Oracle Link: https://github.com/nu11secur1ty/Windows10Exploits/tree/master/Undefined/CVE-2020-2555 CVE: CVE-2020-2555 + Credits: Ventsislav Varbanovski @ nu11secur1ty + Website: https://www.nu11secur1ty.com/ +...

9.8CVSS0.97116EPSS
Exploits26
0day.today
0day.today
added 2020/03/28 12:0 a.m.262 views

Webexcels Ecommerce CMS 2.x SQL Injection / Cross Site Scripting Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Webexcels Ecommerce CMS SQL Injection & XSS Vulnerability Google Dork: intext:intext:" By WEB EXCELS "+inurl:"?Id=" Exploit Author: @ThelastVvV Vendor Homepage: https://www.webexcels.com/ Version: 2.x 2017,2018,2019,2020 Tested...

Exploits0
0day.today
0day.today
added 2018/11/09 12:0 a.m.262 views

D-LINK Central WifiManager (CWM 100) 1.03 r0098 Server-Side Request Forgery Vulnerability

Using a web browser or script server-side request forgery SSRF can be initiated against internal/external systems to conduct port scans by leveraging D-LINK's MailConnect component. The MailConnect feature on D-Link Central WiFiManager CWM-100 version 1.03 r0098 devices is intended to check a...

8.7AI score0.44101EPSS
Exploits3
0day.today
0day.today
added 2018/07/16 12:0 a.m.262 views

Linux Ubuntu - Other Users coredumps can be read via setgid Directory and killpriv Bypass Exploit

Exploit for linux platform in category dos / poc / Note: I am both sending this bug report to email protected and filing it in the Ubuntu bugtracker because I can't tell whether this counts as a kernel bug or as a Ubuntu bug. You may wish to talk to each other to determine the best place to fix...

8.3AI score0.0101EPSS
Exploits2
0day.today
0day.today
added 2006/08/30 12:0 a.m.262 views

Lanifex DMO <= 2.3b (_incMgr) Remote File Include Exploit

Exploit for unknown platform in category web applications ========================================================= Lanifex DMO s...

7.1AI score
Exploits0
0day.today
0day.today
added 2024/06/26 12:0 a.m.261 views

Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting Vulnerability

Exploit Title: Automad 2.0.0-alpha.4 - Stored Cross-Site Scripting XSS Exploit Author: Jerry Thomas w3bn00b3r Vendor Homepage: https://automad.org Software Link: https://github.com/marcantondahmen/automad Category: Web Application Flat File CMS Version: 2.0.0-alpha.4 Tested on: Docker version...

7.4AI score
Exploits0
0day.today
0day.today
added 2024/04/22 12:0 a.m.261 views

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Insecure Direct Object Reference Vulnerability

Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability. Elber Reble610 M/ODU XPIC IP-ASI-SDH Microwave Link Device Config Vendor: Elber S.r.l. Product web page: https://www.elber.it...

7.5AI score
Exploits0
0day.today
0day.today
added 2023/06/17 12:0 a.m.261 views

Online Thesis Archiving System v1.0 - Multiple SQL injection Vulnerability

Exploit Title: Online Thesis Archiving System v1.0 - Multiple-SQLi Author: nu11secur1ty Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/15083/online-thesis-archiving-system-using-phpoop-free-source-code.html Reference:...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/06/13 12:0 a.m.261 views

Sales Tracker Management System v1.0 - Multiple Vulnerabilities

Exploit Title: Sales Tracker Management System v1.0 – Multiple Vulnerabilities EXPLOIT-AUTHOR: AFFAN AHMED Vendor Homepage: Software Link: Version: 1.0 Tested on: Windows 11 + XAMPP CVE : CVE-2023-3184 ============================== CREDENTIAL TO USE ============================== ADMIN-ACCOUNT...

4.8CVSS7.1AI score0.02264EPSS
Exploits4
0day.today
0day.today
added 2023/06/12 12:0 a.m.261 views

Anevia Flamingo XS 3.6.5 Authenticated Root Remote Code Execution Vulnerability

Anevia Flamingo XS version 3.6.5 suffers from an authenticated remote code execution vulnerability. A remote attacker can exploit this issue and execute arbitrary system commands granting her system access with root privileges. Anevia Flamingo XS 3.6.5 Authenticated Root Remote Code Execution...

8.4AI score
Exploits0
0day.today
0day.today
added 2023/05/02 12:0 a.m.261 views

phpMyFAQ v3.1.12 - CSV Injection Vulnerability

Exploit Title: phpMyFAQ v3.1.12 - CSV Injection Application: phpMyFAQ Version: 3.1.12 Bugs: CSV Injection Technology: PHP Vendor URL: https://www.phpmyfaq.de/ Software Link: https://download.phpmyfaq.de/phpMyFAQ-3.1.12.zip Date of found: 21.04.2023 Author: Mirabbas Ağalarov Tested on: Windows 2...

6.9AI score
Exploits0
0day.today
0day.today
added 2023/04/10 12:0 a.m.261 views

Paradox Security Systems IPR512 - Denial Of Service Exploit

!/bin/bash Exploit Title: Paradox Security Systems IPR512 - Denial Of Service Google Dork: intitle:"ipr512 - login screen" Date: 09-APR-2023 Exploit Author: Giorgi Dograshvili Vendor Homepage: Paradox - Headquarters https://www.paradox.com/Products/default.asp?PID=423 Version: IPR512 CVE :...

7.5CVSS7.6AI score0.44171EPSS
Exploits9
0day.today
0day.today
added 2023/04/08 12:0 a.m.262 views

Adobe Connect 11.4.5 - Local File Disclosure Vulnerability

Title: Adobe Connect 11.4.5 - Local File Disclosure Author: h4shur date:2021.01.16-2023.02.17 CVE: CVE-2023-22232 Vendor Homepage: https://www.adobe.com Software Link: https://www.adobe.com/products/adobeconnect.html Version: 11.4.5 and earlier, 12.1.5 and earlier User interaction: None Tested on...

5.3CVSS5.8AI score0.81875EPSS
Exploits4
0day.today
0day.today
added 2023/03/28 12:0 a.m.261 views

SolarWinds Information Service (SWIS) Remote Command Execution Exploit

The SolarWinds Information Service SWIS is vulnerable to remote code execution by way of a crafted message received through the AMQP message queue. A malicious user that can authenticate to the AMQP service can publish such a crafted message whose body is a serialized .NET object which can lead t...

7.2CVSS8.1AI score0.69546EPSS
Exploits3
0day.today
0day.today
added 2022/10/03 12:0 a.m.261 views

Joomla MyMuse 4.3.0 SQL Injection Vulnerability

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ Exploits ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : Author : CraCkEr : │ Website : extensions.joomla.org │ │ Vendor : Gordon Fisch - joomlamymuse.com ...

0.5AI score
Exploits0
0day.today
0day.today
added 2022/09/05 12:0 a.m.261 views

Online Market Place Site 1.0 SQL Injection Exploit

Online Market Place Site version 1.0 suffers from an unauthenticated blind SQL injection vulnerability allowing remote attackers to dump the SQL database via time-based SQL injection. Exploit Title: Online Market Place Site v1.0 - Unauthenticated Blind Time-Based SQL Injection Exploit Author: Joe...

9.8CVSS0.4AI score0.01463EPSS
Exploits3
0day.today
0day.today
added 2022/06/03 12:0 a.m.261 views

Microweber CMS 1.2.15 - Account Takeover Vulnerability

Exploit Title: Microweber CMS 1.2.15 - Account Takeover Exploit Author: Manojkumar J Vendor Homepage: https://github.com/microweber/microweber Software Link: https://github.com/microweber/microweber/releases/tag/v1.2.15 Version: =1.2.15 Tested on: Windows10 CVE : CVE-2022-1631 Description:...

8.8CVSS0.1AI score0.08958EPSS
Exploits4
0day.today
0day.today
added 2022/03/23 12:0 a.m.261 views

WordPress amministrazione-aperta 3.7.3 Plugin - Local File Read - Unauthenticated Vulnerability

Exploit Title: WordPress Plugin amministrazione-aperta 3.7.3 - Local File Read - Unauthenticated Google Dork: inurl:/wp-content/plugins/amministrazione-aperta/ Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/amministrazione-aperta/ Version: 3.7.3...

0.3AI score
Exploits0
0day.today
0day.today
added 2022/02/02 12:0 a.m.261 views

WordPress Product Slider for WooCommerce 1.13.21 Plugin - Cross Site Scripting Vulnerability

Exploit Title: WordPress Plugin Product Slider for WooCommerce 1.13.21 - Cross Site Scripting XSS Author: 0xB9 Software Link: https://wordpress.org/plugins/woocommerc...ts-slider/ Version: 1.13.21 Tested on: Windows 10 CVE: CVE-2021-24300 1. Description: This plugin is a easy carousel slider for...

6.1CVSS6.3AI score0.10587EPSS
Exploits5
0day.today
0day.today
added 2020/07/07 12:0 a.m.261 views

BIG-IP 15.0.0 < 15.1.0.3 - Traffic Management User Interface (TMUI) Remote Code Execution (2)

Exploit for linux platform in category web applications BIG-IP 15.0.0 15.1.0.3 / 14.1.0 14.1.2.5 / 13.1.0 13.1.3.3 / 12.1.0 12.1.5.1 / 11.6.1 11.6.5.1 - Traffic Management User Interface 'TMUI' Remote Code Execution RCE: curl -v -k 'https://F5...

10CVSS0.9AI score0.99999EPSS
Exploits60
0day.today
0day.today
added 2019/10/23 12:0 a.m.261 views

Joomla! 3.4.6 - Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: Joomla! 3.4.6 - Remote Code Execution Metasploit Vendor Homepage: https//www.joomla.it/ Software Link: https://downloads.joomla.org/it/cms/joomla3/3-4-6 Version: 3.0.0 -- 3.4.6 Tested on: Linux CVE : N/A This module requires...

7.1AI score
Exploits0
0day.today
0day.today
added 2019/06/18 12:0 a.m.261 views

Thunderbird ESR < 60.7.XXX - parser_get_next_char Heap-Based Buffer Overflow Vulnerability

Heap-based buffer overflow in Thunderbird ========================================= Severity Rating: High Confirmed Affected Versions: All versions affected Confirmed Patched Versions: Thunderbird ESR 60.7.XXX Vendor: Thunderbird Vendor URL: https://www.thunderbird.net/ Vendor Reference:...

9.8CVSS9.7AI score0.10527EPSS
Exploits4
0day.today
0day.today
added 2019/04/10 12:0 a.m.261 views

EasyIO 30P Authentication Bypass / Cross Site Scripting Vulnerabilities

EasyIO 30P versions prior to 2.0.5.27 suffer from authentication bypass and cross site scripting vulnerabilities. EasyIO 30P Authentication Bypass / Cross Site Scripting Vulnerabilities INFORMATION Product: EasyIO 30P http://www.easyio.com Affected versions: 2.0.5.27 tested on version 2.0.5.16 CV...

0.1AI score0.0181EPSS
Exploits4
0day.today
0day.today
added 2018/11/14 12:0 a.m.261 views

Rmedia SMS 1.0 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Rmedia SMS 1.0 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://sms.rmediaindia.com/ Software Link: https://master.dl.sourceforge.net/project/rmediasms/rmediasms.rar Version: 1.0 Category: Webapps Tested on:...

0.1AI score
Exploits0
0day.today
0day.today
added 2014/09/17 12:0 a.m.261 views

ZTE ZXDSL-931VII Unauthenticated Configuration Dump

Unauthenticated Configuration File Download and Decompression of the config.bin file by L0ukanik0s,GR 2014,email protected Usage Info Visit the Url provided above and get a copy of the configuration.bin file form the ZTE router then run the script and decompress the .bin file to get the...

7.2AI score
Exploits0
0day.today
0day.today
added 2010/05/26 12:0 a.m.261 views

Book Gallery (aboutbook.php) SQL Injection Vulnerability

Exploit for php platform in category web applications ======================================================== Book Gallery aboutbook.php SQL Injection Vulnerability ======================================================== Version: 1.0 Author: Mr.P3rfekT Software Link:N/A Tested on Lunix CVE : N/...

7.1AI score
Exploits0
0day.today
0day.today
added 2007/03/18 12:0 a.m.261 views

iFrame for Phpnuke (iframe.php) Remote File Inclusion Vulnerability

Exploit for unknown platform in category web applications =================================================================== iFrame for Phpnuke iframe.php Remote File Inclusion Vulnerability =================================================================== iFRAME for PhpNuke iframe.php Remote...

7.1AI score
Exploits0
0day.today
0day.today
added 2024/06/13 12:0 a.m.260 views

VSCode ipynb Remote Code Execution Exploit

VSCode when opening a Jupyter notebook .ipynb file bypasses the trust model. On versions v1.4.0 through v1.71.1, its possible for the Jupyter notebook to embed HTML and javascript, which can then open new terminal windows within VSCode. Each of these new windows can then execute arbitrary code at...

7.8CVSS8.1AI score0.67469EPSS
Exploits3
Total number of security vulnerabilities5000