Overview
- kovidgoyal
- calibre
Published: 06 Feb 2026
Updated: 11 Feb 2026
CVSS v3.1: HIGH (8.2)
EPSS: 0.01%
KEV
Description
calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vulnerability in Calibre's EPUB conversion allows a malicious EPUB file to corrupt arbitrary existing files writable by the Calibre process. During conversion, Calibre resolves the CipherReference URI from META-INF/encryption.xml to an absolute filesystem path and opens it in read-write mode, even when it points outside the conversion extraction directory. This vulnerability is fixed in 9.2.0.
Statistics
- 1 Post
Last activity: 13 hours ago
Overview
- ALBRECHT JUNG GMBH & CO. KG
- JUNG Smart Visu Server
Published: 12 Feb 2026
Updated: 12 Feb 2026
CVSS v4.0: HIGH (8.7)
EPSS: Pending
KEV
Description
JUNG Smart Visu Server 1.1.1050 contains a denial of service vulnerability that allows unauthenticated attackers to remotely shut down or reboot the server. Attackers can send a single POST request to trigger the server reboot without requiring any authentication.
Statistics
- 1 Post
Last activity: 1 hour ago
Fediverse
🚨 CVE-2026-26235 (HIGH): JUNG Smart Visu Server 1.1.1050 lets unauthenticated users remotely shut down or reboot the server via POST request. Restrict network access, monitor logs, and await vendor patch. Details: https://radar.offseq.com/threat/cve-2026-26235-missing-authentication-for-critical-64624540 #OffSeq #Vulnerability #OTSecurity
Overview
Description
The issue was addressed with improved memory handling. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS 26.3. An app may be able to cause unexpected system termination.
Statistics
- 1 Post
Last activity: 8 hours ago
Overview
- OpenPrinting
- cups
Published: 11 Sep 2025
Updated: 04 Nov 2025
CVSS v3.1: HIGH (8.0)
EPSS: 0.05%
KEV
Description
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the `AuthType` is set to anything but `Basic`, if the request contains an `Authorization: Basic ...` header, the password is not checked. This results in authentication bypass. Any configuration that allows an `AuthType` that is not `Basic` is affected. Version 2.4.13 fixes the issue.
Statistics
- 1 Post
Last activity: 21 hours ago
Overview
Description
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 was also issued in response to this report.
Statistics
- 2 Posts
- 12 Interactions
Last activity: 16 hours ago
Fediverse
Description
Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Statistics
- 2 Posts
- 12 Interactions
Last activity: 16 hours ago
Fediverse
Overview
- libexpat project
- libexpat
Published: 23 Jan 2026
Updated: 23 Jan 2026
CVSS v3.1: LOW (2.9)
EPSS: 0.00%
KEV
Description
In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.
Statistics
- 1 Post
Last activity: 17 hours ago
Overview
- Ivanti
- Endpoint Manager
Published: 10 Feb 2026
Updated: 10 Feb 2026
CVSS v3.1: HIGH (8.6)
EPSS: 0.16%
KEV
Description
An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.
Statistics
- 1 Post
Last activity: 22 hours ago
Overview
- TP-Link Systems Inc.
- Tapo C260 v1
Published: 10 Feb 2026
Updated: 11 Feb 2026
CVSS v4.0: HIGH (8.7)
EPSS: 0.50%
KEV
Description
On TP-Link Tapo C260 v1, a command injection vulnerability exists due to improper sanitization in certain POST parameters during configuration synchronization. An authenticated attacker can execute arbitrary system commands with high impact on confidentiality, integrity and availability. It may cause full device compromise.
Statistics
- 1 Post
Last activity: 4 hours ago
Bluesky
Overview
- TP-Link Systems Inc.
- Tapo C260 v1
Published: 10 Feb 2026
Updated: 11 Feb 2026
CVSS v4.0: MEDIUM (5.3)
EPSS: 0.06%
KEV
Description
On TP-Link Tapo C260 v1, path traversal is possible due to improper handling of specific GET request paths via HTTPS, allowing local unauthenticated probing of filesystem paths. An attacker on the local network can determine whether certain files exist on the device, with no read, write or code execution possibilities.
Statistics
- 1 Post
Last activity: 4 hours ago