PULSE
EN VIVO18señales / 24h
FEED
ransomthegentlemen reclama a Military Sealift Command · US · Transportation/Logisticsransomthegentlemen reclama a Advantage Home Health Care · US · Healthcareransomthegentlemen reclama a Sunway Scientific · TW · Manufacturingransomqilin reclama a Cafar · AR · Agriculture and Food Productionransominterlock reclama a Centre for Newcomers · CA · Public Sectorransominterlock reclama a Paragon Store Fixtures · US · Manufacturingransomakira reclama a Westcoast Communication Services · Telecommunicationransomakira reclama a Nesco Bus Maintenance · Transportation/Logisticsransomm3rx reclama a suppcentersa.com · ZA · Business Servicesransomm3rx reclama a arambol.co.uk · GB · Not Foundransomincransom reclama a Kyokuto Kaihatsu Kogyo · JP · Manufacturingransomnova reclama a Phi · Not Foundransomnova reclama a Digipro · Technologyransomnova reclama a Integrated Marketing Services · Business Servicesransomthegentlemen reclama a Military Sealift Command · US · Transportation/Logisticsransomthegentlemen reclama a Advantage Home Health Care · US · Healthcareransomthegentlemen reclama a Sunway Scientific · TW · Manufacturingransomqilin reclama a Cafar · AR · Agriculture and Food Productionransominterlock reclama a Centre for Newcomers · CA · Public Sectorransominterlock reclama a Paragon Store Fixtures · US · Manufacturingransomakira reclama a Westcoast Communication Services · Telecommunicationransomakira reclama a Nesco Bus Maintenance · Transportation/Logisticsransomm3rx reclama a suppcentersa.com · ZA · Business Servicesransomm3rx reclama a arambol.co.uk · GB · Not Foundransomincransom reclama a Kyokuto Kaihatsu Kogyo · JP · Manufacturingransomnova reclama a Phi · Not Foundransomnova reclama a Digipro · Technologyransomnova reclama a Integrated Marketing Services · Business Services
← Todos los CVEs
CVE Watch15 jul 2026

CVE-2026-44727

Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyter_server render user-authore

CVSS

5.4

Medio

EPSS

0.2%

p13

KEV

Exploit Today

4

0-100

Publicado: 22 jun 2026 · Última mod.: 15 jul 2026 · CWE-79 · CWE-1021

EPSS · 30d
0.2%EPSS · 30 días0.2%
2026-06-302026-07-17
Descripción técnica

Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default non-sanitizing behavior, a notebook carrying an HTML payload in a display_data output triggers stored XSS with cookie access, full /api/* authority, and kernel RCE. This vulnerability is fixed in 2.20.

Referencias oficiales
CVEs relacionados
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2021-252996.1 MED
99.9%
30Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session cookies or it can be chained with the previous bugs to get one-click remote command execution (RCE) on the Nagios XI server.9d
CVE-2021-364506.1 MED
99.2%
30Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter.9d
CVE-2023-414256.1 MED
98.9%
30Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.9d
CVE-2022-330986.1 MED
98.8%
30Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted SVG document, with JavaScript, for a profile picture.9d
CVE-2025-441489.8 CRÍ
98.8%
30Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failure.aspx component13d
CVE-2022-365335.4 MED
98.5%
30Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain a cross-site scripting (XSS) vulnerability.9d