Total: 4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-28201 | 1 Lfnovo | 1 Open-notebook | 2026-05-07 | N/A | 7.8 HIGH |
| Improper input validation, together with an overly permissive default CORS configuration, in Open Notebook v1.8.1 allows a remote attacker to trick a legitimate user into altering or deleting arbitrary database entries via a specially crafted malicious URL. Depending on the deployment, data exfiltration is also possible. | | | | | |
| CVE-2026-33587 | 1 Lfnovo | 1 Open-notebook | 2026-05-07 | N/A | 10.0 CRITICAL |
| Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container via Server-Side Template Injection (SSTI) for user-created transformations. | | | | | |
| CVE-2026-33588 | 1 Lfnovo | 1 Open-notebook | 2026-05-07 | N/A | 8.1 HIGH |
| Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the docker container via path traversal. | | | | | |
| CVE-2026-33589 | 1 Lfnovo | 1 Open-notebook | 2026-05-07 | N/A | 6.5 MEDIUM |
| Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to access local file content from the docker container via path traversal. | | | | | |
