lfnovo open-notebook CVE Vulnerabilities (4)

CVEs: 4 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting lfnovo open-notebook (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 14 of 4 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2026-33589 Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to access local files content from the docker container via path traversal. a6d3dc9e-0591-4a13-bce7-0f5b31ff6158 8.2 0.18% 2026-05-07 2026-06-17
CVE-2026-33588 Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files on the docker container via path traversal. a6d3dc9e-0591-4a13-bce7-0f5b31ff6158 7.0 0.18% 2026-05-07 2026-06-17
CVE-2026-33587 Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container via Server-Side Template Injection (SSTI) for user-created transformations. a6d3dc9e-0591-4a13-bce7-0f5b31ff6158 9.2 0.23% 2026-05-07 2026-06-17
CVE-2026-28201 An improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1 allows remote attacker to trick a legitimate user to alter or delete arbitrary database entries via specially crafted malicious URL. Depending on the deployment, data exfiltration is also possible. a6d3dc9e-0591-4a13-bce7-0f5b31ff6158 8.7 0.06% 2026-05-07 2026-06-17
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence