CVE-2025-51682
mJobtime 15.7.2 handles authorization on the client side, which allows an attacker to modify the client-side code and gain access to adminis
CVSS
9.8
Critical
EPSS
0.4%
p30
KEV
—
Exploit Today
9
0-100
Published: Dec 1, 2025 · Last modified: Jul 5, 2026 · CWE-602
0.4%EPSS · 30 days0.4%
2026-06-302026-07-17
mJobtime 15.7.2 handles authorization on the client side, which allows an attacker to modify the client-side code and gain access to administrative features. Additionally, they can craft requests based on the client-side code to call these administrative functions directly.
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-422668.8 HIG41.2%
——12JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager (allowed_extensions_uris) is not correctly enforced by JupyterLab. The PyPI Extension Manager was not contained to packages listed on the default PyPI index. This vulnerability is fixed in 4.5.7.3dCVE-2025-363276.5 MED28.2%
——8IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of sever-side security.11dCVE-2026-139038.8 HIG26.7%
——8Insufficient policy enforcement in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)15dCVE-2026-139019.6 CRI26.7%
——8Insufficient policy enforcement in Serial in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)15dCVE-2026-139306.5 MED24.0%
——7Insufficient policy enforcement in Actor in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)16dCVE-2026-139196.5 MED24.0%
——7Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)16d