|
3301
|
6.8 |
MEDIUM
Network
|
jupyter
|
jupyter_server
|
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runt…
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-40934
|
2026-05-11 22:00 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3302
|
7.8 |
HIGH
Local
|
navercorp
|
mybox
|
NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM via registry manipulation due to improper privilege checks.
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2026-8148
|
2026-05-11 21:59 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3303
|
7.3 |
HIGH
Network
|
jupyter
|
jupyter_server
|
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match() to check incoming origins against the allow_origin_pa…
|
CWE-777
Regular Expression without Anchors
|
CVE-2026-40110
|
2026-05-11 21:59 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3304
|
5.3 |
MEDIUM
Local
|
prusa3d
|
prusaslicer
|
In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6.1, a crafted 3mf project file can execute arbitrary code on a host where the project is sliced and G-code exported.
|
CWE-77
Command Injection
|
CVE-2023-47268
|
2026-05-11 21:58 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3305
|
8.1 |
HIGH
Network
|
apache
|
cloudstack
|
Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, th…
|
CWE-459
Incomplete Cleanup
|
CVE-2025-66467
|
2026-05-11 21:57 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3306
|
9.1 |
CRITICAL
Network
|
ollama
|
ollama
|
Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-7482
|
2026-05-11 21:27 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3307
|
9.8 |
CRITICAL
Network
|
-
|
-
|
OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.25.1 allows unauthenticated attacker to craft commands that will execute code on the robot's OS.
|
CWE-78
OS Command
|
CVE-2026-8153
|
2026-05-11 19:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3308
|
4.7 |
MEDIUM
Network
|
oracle
|
macoron
|
Vulnerability in the Oracle Macoron Tool product of Oracle Open Source Projects. The supported versions that is affected is v0.22.0. Easily exploitable vulnerability allows unauthenticated attacker w…
|
CWE-601
CWE-346
Open Redirect
Origin Validation Error
|
CVE-2026-35253
|
2026-05-11 05:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3309
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Cross-Site request forgery (CSRF) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross Site Request Forgery.
This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2.
|
CWE-352
Origin Validation Error
|
CVE-2026-5791
|
2026-05-11 01:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3310
|
8.8 |
HIGH
Network
|
apache
|
cloudstack
|
Account users are allowed by default to register templates to be downloaded directly to the primary storage for deploying instances using the KVM hypervisor. Due to missing file name sanitization, an…
|
CWE-94
Code Injection
|
CVE-2026-25077
|
2026-05-11 00:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
