
29728 matches found

RedHat Linux
added 2026/02/09 9:34 a.m. | 6 views

firefox: thunderbird: Use-after-free in the JavaScript Engine component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...

CVSS 9.8 | AI score 5.7 | EPSS 0.00423
Exploits 0 | References 5
RedHat Linux
added 2026/02/09 7:38 a.m. | 4 views

firefox: thunderbird: Use-after-free in the JavaScript Engine component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...

CVSS 9.8 | AI score 5.7 | EPSS 0.00423
Exploits 0 | References 5
CVE
added 2026/02/09 6:33 a.m. | 35 views

CVE-2026-1868

GitLab AI Gateway’s Duo Workflow Service was affected by an insecure template expansion defect in Duo Agent Platform Flow definitions across all 18.1.6–18.8.0 releases. The vulnerability could enable Denial of Service or remote code execution on the Gateway. Mitigation in the listed advisories is...

CVSS 9.9 | AI score 6 | EPSS 0.00496
Exploits 0 | References 2
RedHat Linux
added 2026/02/09 3:7 a.m. | 5 views

firefox: thunderbird: Use-after-free in the JavaScript Engine component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...

CVSS 9.8 | AI score 5.7 | EPSS 0.00423
Exploits 0 | References 5
RedHat Linux
added 2026/02/09 2:5 a.m. | 2 views

firefox: thunderbird: Use-after-free in the JavaScript Engine component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...

CVSS 9.8 | AI score 5.7 | EPSS 0.00423
Exploits 0 | References 5
RedhatCVE
added 2026/02/08 1:21 a.m. | 4 views

CVE-2026-25731

A flaw was found in Calibre, an e-book manager. This Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows an attacker to achieve arbitrary code execution. This occurs when a user converts an ebook using a specially crafted malicious custom template file...

CVSS 7.8 | AI score 6 | EPSS 0.00241
Exploits 2 | References 5
RedhatCVE
added 2026/02/07 7:31 p.m. | 6 views

CVE-2026-25647

Lute is a structured Markdown engine supporting Go and JavaScript. Lute 1.7.6 and earlier as used in SiYuan before has a Stored Cross-Site Scripting (XSS) vulnerability in the Markdown rendering engine. An attacker can inject malicious JavaScript into a Markdown text/note. When another user clicks...

CVSS 5.4 | AI score 5.4 | EPSS 0.00204
Exploits 1 | References 1
Tenable Nessus
added 2026/02/07 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-25731

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code...

CVSS 7.8 | AI score 6.3 | EPSS 0.00241
Exploits 2 | References 3
Tenable Nessus
added 2026/02/07 12:0 a.m. | 5 views

Fedora 43 : chromium (2026-db342a4417)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-db342a4417 advisory. Update to 144.0.7559.132 CVE-2026-1861: Heap buffer overflow in libvpx CVE-2026-1862: Type Confusion in V8 Tenable has extracted the preceding...

CVSS 8.8 | AI score 5.7 | EPSS 0.00579
Exploits 1 | References 3
OSV
added 2026/02/06 9:16 p.m. | 4 views

DEBIAN-CVE-2026-25731

calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index...

CVSS 7.8 | AI score 6.3 | EPSS 0.00241
Exploits 2 | References 1
UbuntuCve
added 2026/02/06 9:16 p.m. | 4 views

CVE-2026-25731

calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index...

CVSS 7.8 | AI score 6.4 | EPSS 0.00241
Exploits 2 | References 3
EUVD
added 2026/02/06 8:44 p.m. | 8 views

EUVD-2026-5567

Qdrant is a vector similarity search engine and vector database. From 1.9.3 to before 1.16.0, it is possible to append to arbitrary files via /logger endpoint using an attacker-controlled ondisk.logfile path. Minimal privileges are required (read-only access). This vulnerability is fixed in 1.16.0...

CVSS 8.5 | AI score 5.5 | EPSS 0.0049
Exploits 1 | References 3
EUVD
added 2026/02/06 8:14 p.m. | 7 views

EUVD-2026-5573

calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index...

CVSS 7.8 | AI score 6.2 | EPSS 0.00241
Exploits 2 | References 2
Vulnrichment
added 2026/02/06 8:14 p.m. | 4 views

CVE-2026-25731 Calibre Affected by Arbitrary Code Execution via Server-Side Template Injection in Calibre HTML Export

calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index...

CVSS 7.8 | AI score 6.3 | EPSS 0.00241
Exploits 2 | References 2
CVE
added 2026/02/06 8:14 p.m. | 25 views

CVE-2026-25731

Calibre prior to version 9.2.0 contains a Server-Side Template Injection (SSTI) vulnerability in its Templite templating engine that can lead to arbitrary code execution when a malicious custom template is used with --template-html or --template-html-index during ebook conversion. The issue is fi...

CVSS 7.8 | AI score 6.2 | EPSS 0.00241
Exploits 2 | References 2 | Affected Software 1
Debian CVE
added 2026/02/06 8:14 p.m. | 6 views

CVE-2026-25731

calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index...

CVSS 7.8 | AI score 6.3 | EPSS 0.00241
Exploits 2
NVD
added 2026/02/06 7:16 p.m. | 4 views

CVE-2026-25647

Lute is a structured Markdown engine supporting Go and JavaScript. Lute 1.7.6 and earlier as used in SiYuan before has a Stored Cross-Site Scripting (XSS) vulnerability in the Markdown rendering engine. An attacker can inject malicious JavaScript into a Markdown text/note. When another user clicks...

CVSS 5.4 | EPSS 0.00204
Exploits 1 | References 2
Vulnrichment
added 2026/02/06 7:3 p.m. | 3 views

CVE-2026-25647 Lute has a Stored Cross-Site Scripting (XSS) via Markdown hyperlink

Lute is a structured Markdown engine supporting Go and JavaScript. Lute 1.7.6 and earlier as used in SiYuan before has a Stored Cross-Site Scripting (XSS) vulnerability in the Markdown rendering engine. An attacker can inject malicious JavaScript into a Markdown text/note. When another user clicks...

CVSS 4.6 | AI score 5.5 | EPSS 0.00204
Exploits 1 | References 2
EUVD
added 2026/02/06 7:3 p.m. | 5 views

EUVD-2026-5622

Lute is a structured Markdown engine supporting Go and JavaScript. Lute 1.7.6 and earlier as used in SiYuan before has a Stored Cross-Site Scripting (XSS) vulnerability in the Markdown rendering engine. An attacker can inject malicious JavaScript into a Markdown text/note. When another user clicks...

CVSS 4.6 | AI score 5.4 | EPSS 0.00204
Exploits 1 | References 2
vulnersOsv
added 2026/02/06 6:32 p.m. | 6 views

a2cli (>=0.1.0 <=0.2.1), a2py (>=0.2.1 <=0.2.3) +681 more potentially affected by CVE-2026-25580 via pydantic-ai-slim (>=0.0.26 <=1.55.0)

pydantic-ai-slim PYPI version =0.0.26, =0.1.0, =0.2.1, =0.9.0, =0.1.0, =0.2.15, =0.1.0, =0.0.1.dev1, =0.1.0, =0.0.4, =0.1.0, =0.2.5, =0.1.0, =0.0.3, =1.0.3 and more Source cves: CVE-2026-25580 Source advisory: OSV:GHSA-2JRP-274C-JHV3...

CVSS 8.6 | AI score 6.5 | EPSS 0.00579
Exploits 1