Overview
- Microsoft
- Windows 10 Version 1507
Published: 13 May 2025
Updated: 13 Feb 2026
CVSS v3.1: HIGH (7.5)
EPSS: 0.28%
KEV
Description
Time-of-check time-of-use (TOCTOU) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network.
Statistics
- 1 Post
Last activity: 3 hours ago
Overview
- kovidgoyal
- calibre
Published: 06 Feb 2026
Updated: 11 Feb 2026
CVSS v3.1: HIGH (8.6)
EPSS: 0.18%
KEV
Description
calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows (haven't tested on other OSes), this can lead to Remote Code Execution by writing a payload to the Startup folder, which executes on next login. This vulnerability is fixed in 9.2.0.
Statistics
- 1 Post
Last activity: 17 hours ago
Overview
Description
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab, affecting all versions starting from 10.5, could be exploited by an unauthenticated attacker even on a GitLab instance where registration is disabled.
Statistics
- 1 Post
Last activity: 21 hours ago
Overview
- kovidgoyal
- calibre
Published: 06 Feb 2026
Updated: 06 Feb 2026
CVSS v3.1: HIGH (7.8)
EPSS: 0.01%
KEV
Description
calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index command-line options. This vulnerability is fixed in 9.2.0.
Statistics
- 1 Post
Last activity: 17 hours ago