Lucene search
+L

11 matches found

debiancve
debiancve
added 2026/07/07 8:46 p.m.5 views

CVE-2026-53511

calibre is an e-book manager. Prior to 9.10.0, a malicious EPUB, OPF, or PDF file can execute arbitrary Python code when its metadata is read by calibre, including through Add books or Edit books, by embedding a custom column definition with a python: template in calibre:usermetadata that is pass...

8.5CVSS6.2AI score0.00197EPSS
Exploits0
cve
cve
added 2026/06/25 3:22 p.m.23 views

CVE-2026-57455

Vim (open source editor) prior to version 9.2.0698 is affected by a stack out-of-bounds write in spell_soundfold_sofo() (src/spell.c). The single-byte branch translates a word through a SOFO byte map into a caller-owned result buffer; the copy loop advances the output index with no upper bound an...

7.8CVSS6.1AI score0.0012EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/06/25 3:22 p.m.3 views

CVE-2026-57455 Vim: Stack out-of-bounds write in `spell_soundfold_sofo()` via an over-length `soundfold()` argument

Vim is an open source, command line text editor. Prior to 9.2.0698, the single-byte branch of spellsoundfoldsofo in src/spell.c translates a word through a spell file's SOFO sound-folding byte map into a caller-owned result buffer. Its copy loop advances the output index ri with no upper bound an...

7.1CVSS6.1AI score0.0012EPSS
Exploits0References5
packetstorm
packetstorm
added 2026/06/11 12:0 a.m.61 views

📄 MEmu Android Emulator 9.2.7.0 Privilege Escalation

MEmu Android Emulator version 9.2.7.0 suffers from a local privilege escalation vulnerability via insecure permissions. CVE-2026-36213 CVE-2026-36213 | Local Privilege Escalation in MEmu Android Emulator 9.2.7.0 via Insecure Service Binary Permissions | Patched in 9.3.2 CVE-2026-36213 — MEmu...

7.8CVSS5.4AI score0.00479EPSS
Exploits2
osv
osv
added 2026/03/13 7:0 p.m.6 views

CVE-2026-30853 calibre has a Path Traversal Leading to Arbitrary File Write

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to 9.5.0, a path traversal vulnerability in the RocketBook .rb input plugin src/calibre/ebooks/rb/reader.py allows an attacker to write arbitrary files to any path writable by the calibre...

5CVSS5.9AI score0.00179EPSS
Exploits1References3
euvd
euvd
added 2026/03/13 7:0 p.m.5 views

EUVD-2026-12069

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to 9.5.0, a path traversal vulnerability in the RocketBook .rb input plugin src/calibre/ebooks/rb/reader.py allows an attacker to write arbitrary files to any path writable by the calibre...

9.3CVSS5.9AI score0.0052EPSS
Exploits2References1
cve
cve
added 2026/03/04 9:47 p.m.20 views

CVE-2025-66024

CVE-2025-66024 affects the XWiki Blog Application UI (org.xwiki.contrib.blog:application-blog-ui) and involves a Stored XSS in the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML tag without proper escaping in versions prior to 9.15.7. An attac...

9CVSS5.8AI score0.00353EPSS
Exploits3References3Affected Software1
attackerkb
attackerkb
added 2026/02/06 8:10 p.m.7 views

CVE-2026-25635

calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows haven't tested on other OS's, this can lead to Remote Code Execution by writing a payload to the Startup...

8.6CVSS5.7AI score0.00438EPSS
Exploits1References3Affected Software1
redhatcve
redhatcve
added 2026/01/20 3:27 p.m.5 views

CVE-2026-22031

@fastify/middie is the plugin that adds middleware support on steroids to Fastify. A security vulnerability exists in @fastify/middie prior to version 9.1.0 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters e.g., /%61dmin instead of /admin. While...

8.8CVSS5.5AI score0.00457EPSS
Exploits1References1
pypa
pypa
added 2020/10/13 6:15 p.m.8 views

PYSEC-2020-110

In the Channelmgnt plug-in for Sopel a Python IRC bot before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins with versions from 9.0.0 and less than 9.0.2 affected. Version 9.0.2...

7.7CVSS6.9AI score0.01142EPSS
Exploits0References6Affected Software1
osv
osv
added 2020/10/13 6:15 p.m.62 views

UBUNTU-CVE-2020-15251

In the Channelmgnt plug-in for Sopel a Python IRC bot before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins with versions from 9.0.0 and less than 9.0.2 affected. Version 9.0.2...

7.7CVSS6.8AI score0.01142EPSS
Exploits0References6
Rows per page
Query Builder