| 1301 | 6.8 | MEDIUM | Network | jupyter | jupyter_server | Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runt… | Update | CWE-613 Insufficient Session Expiration | CVE-2026-40934 | 2026-05-11 22:00 | 2026-05-6 |
| 1302 | 7.8 | HIGH | Local | navercorp | mybox | NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM via registry manipulation due to improper privilege checks. | Update | CWE-266 Incorrect Privilege Assignment | CVE-2026-8148 | 2026-05-11 21:59 | 2026-05-8 |
| 1303 | 7.3 | HIGH | Network | jupyter | jupyter_server | Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match() to check incoming origins against the allow_origin_pa… | Update | CWE-777 Regular Expression without Anchors | CVE-2026-40110 | 2026-05-11 21:59 | 2026-05-6 |
| 1304 | 5.3 | MEDIUM | Local | prusa3d | prusaslicer | In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6.1, a crafted 3mf project file can execute arbitrary code on a host where the project is sliced and G-code exported. | Update | CWE-77 Command Injection | CVE-2023-47268 | 2026-05-11 21:58 | 2026-05-8 |
| 1305 | 8.1 | HIGH | Network | apache | cloudstack | Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, th… | Update | CWE-459 Incomplete Cleanup | CVE-2025-66467 | 2026-05-11 21:57 | 2026-05-8 |
| 1306 | 9.1 | CRITICAL | Network | ollama | ollama | Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and… | Update | CWE-125 Out-of-bounds Read | CVE-2026-7482 | 2026-05-11 21:27 | 2026-05-4 |
| 1307 | 8.6 | HIGH | Network | - | - | The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth. This vulnerabilit… | New | CWE-400 Uncontrolled Resource Consumption | CVE-2025-10470 | 2026-05-11 21:16 | 2026-05-11 |
| 1308 | 9.8 | CRITICAL | Network | - | - | OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.25.1 allows unauthenticated attacker to craft commands that will execute code on the robot's OS. | Update | CWE-78 OS Command | CVE-2026-8153 | 2026-05-11 19:16 | 2026-05-8 |
| 1309 | 6.3 | MEDIUM | Network | - | - | The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing intended permission checks. This… | New | CWE-281 Improper Preservation of Permissions | CVE-2025-8325 | 2026-05-11 19:16 | 2026-05-11 |
| 1310 | 5.3 | MEDIUM | Network | - | - | In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these headers to be injected into HTTP responses… | New | CWE-74 Injection | CVE-2025-8154 | 2026-05-11 19:16 | 2026-05-11 |