Filtered by vendor Lfnovo
Filtered by product Open-notebook
Total: 4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-28201 | 2 Lfnovo, Open Notebook | 2 Open-notebook, Open Notebook | 2026-05-08 | 7.8 High |
| Improper input validation, together with an overly permissive default CORS configuration, in Open Notebook v1.8.1 allows a remote attacker to trick a legitimate user into altering or deleting arbitrary database entries via a specially crafted malicious URL. Depending on the deployment, data exfiltration is also possible. | | | | |
| CVE-2026-33587 | 2 Lfnovo, Open Notebook | 2 Open-notebook, Open Notebook | 2026-05-08 | 10.0 Critical |
| Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the Docker container via Server-Side Template Injection (SSTI) in user-created transformations. | | | | |
| CVE-2026-33588 | 2 Lfnovo, Open Notebook | 2 Open-notebook, Open Notebook | 2026-05-08 | 8.1 High |
| Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the Docker container via path traversal. | | | | |
| CVE-2026-33589 | 2 Lfnovo, Open Notebook | 2 Open-notebook, Open Notebook | 2026-05-08 | 6.5 Medium |
| Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to read the contents of local files on the Docker container via path traversal. | | | | |