
Overview

  • Microsoft
  • Windows 10 Version 1507

Published: 13 May 2025
Updated: 13 Feb 2026

CVSS v3.1: HIGH (7.5)
EPSS: 0.28%

KEV

Description

Time-of-check time-of-use (TOCTOU) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network.

Statistics

  • 1 Post

Last activity: 3 hours ago

Bluesky

EventLog-in: Propagating With Weak Credentials Using the Eventlog Service in Microsoft Windows (CVE-2025-29969) www.safebreach.com/blog/safebre... github.com/SafeBreach-L...
  • 3h ago

Overview

  • kovidgoyal
  • calibre

Published: 06 Feb 2026
Updated: 11 Feb 2026

CVSS v3.1: HIGH (8.6)
EPSS: 0.18%

KEV

Description

calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows (haven't tested on other OS's), this can lead to Remote Code Execution by writing a payload to the Startup folder, which executes on next login. This vulnerability is fixed in 9.2.0.

Statistics

  • 1 Post

Last activity: 17 hours ago

Bluesky

[Backport release-25.11] calibre: apply fix for CVE-2026-25731 and CVE-2026-25635 https://github.com/NixOS/nixpkgs/pull/491575 #security
  • 17h ago

Overview

  • GitLab
  • GitLab

Published: 11 Jun 2021
Updated: 19 Feb 2026

CVSS v3.1: MEDIUM (6.8)
EPSS: 74.08%

Description

When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab, affecting all versions starting from 10.5, could be exploited by an unauthenticated attacker even on a GitLab instance where registration is disabled.

Statistics

  • 1 Post

Last activity: 21 hours ago

Bluesky

CVE-2021-22175 GitLab Server-Side Request Forgery (SSRF) Vulnerability CVE-2026-22769 Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability
  • 21h ago

Overview

  • kovidgoyal
  • calibre

Published: 06 Feb 2026
Updated: 06 Feb 2026

CVSS v3.1: HIGH (7.8)
EPSS: 0.01%

KEV

Description

calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index command-line options. This vulnerability is fixed in 9.2.0.

Statistics

  • 1 Post

Last activity: 17 hours ago

Bluesky

[Backport release-25.11] calibre: apply fix for CVE-2026-25731 and CVE-2026-25635 https://github.com/NixOS/nixpkgs/pull/491575 #security
  • 17h ago