5.3

CVSS4.0

CVE-2026-25631 - Domain allowlist bypass enables credential exfiltration

n8n is an open source workflow automation platform. Prior to 1.121.0, a vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially leading to credential exfiltration. This only…

📅 Published: Feb. 6, 2026, 8:34 p.m. 🔄 Last Modified: April 18, 2026, 1:30 p.m.

8.7

CVSS4.0

CVE-2026-2066 - UTT 进取 520W formIpGroupConfig strcpy buffer overflow

A weakness has been identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formIpGroupConfig. Executing a manipulation of the argument groupName can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public …

📅 Published: Feb. 6, 2026, 8:32 p.m. 🔄 Last Modified: April 18, 2026, 6:30 p.m.

2.1

CVSS4.0

CVE-2026-25729 - DeepAudit Affected by User Enumeration via Broken Access Control

DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated user to enumerate all users in the system and retrieve sensitive information including email addresses,…

📅 Published: Feb. 6, 2026, 8:30 p.m. 🔄 Last Modified: April 18, 2026, 1:30 p.m.

10

CVSS3.1

CVE-2026-25632 - EPyT-Flow has unsafe JSON deserialization (__type__)

EPyT-Flow is a Python package designed for the easy generation of hydraulic and water quality scenario data of water distribution networks. Prior to 0.16.1, EPyT-Flow's REST API parses attacker-controlled JSON request bodies using a custom deserializer (my_load_from_json) that supports a type field…

📅 Published: Feb. 6, 2026, 8:24 p.m. 🔄 Last Modified: April 17, 2026, 10:30 p.m.

7.8

CVSS3.1

CVE-2026-25634 - iccDEV memcpy-param-overlap in CIccTagMultiProcessElement::Apply()

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to 2.3.1.4, SrcPixel and DestPixel stack buffers overlap in CIccTagMultiProcessElement::Apply() in IccTagMPE.cpp. This vulnerability is fixed in 2.3.1.…

📅 Published: Feb. 6, 2026, 8:21 p.m. 🔄 Last Modified: April 17, 2026, 10:30 p.m.

7.8

CVSS3.1

CVE-2026-25731 - Calibre Affected by Arbitrary Code Execution via Server-Side Template Injection in Calibre HTML Exp…

calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index command-l…

📅 Published: Feb. 6, 2026, 8:14 p.m. 🔄 Last Modified: April 17, 2026, 10:30 p.m.

8.6

CVSS3.1

CVE-2026-25635 - calibre has a Path Traversal Leading to Arbitrary File Write and Potential Code Execution

calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows (haven't tested on other OS's), this can lead to Remote Code Execution by writing a payload to the Startup…

📅 Published: Feb. 6, 2026, 8:10 p.m. 🔄 Last Modified: April 18, 2026, 1:30 p.m.

8.2

CVSS3.1

CVE-2026-25636 - calibre has a Path Traversal Leading to Arbitrary File Corruption and Code Execution

calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vulnerability in Calibre's EPUB conversion allows a malicious EPUB file to corrupt arbitrary existing files writable by the Calibre process. During conversion, Calibre resolves CipherReference URI from META-INF/encryption.xml to a…

📅 Published: Feb. 6, 2026, 8:07 p.m. 🔄 Last Modified: April 18, 2026, 6:30 p.m.

5.3

CVSS4.0

CVE-2026-2065 - Flycatcher Toys smART Pixelator Bluetooth Low Energy missing authentication

A security flaw has been discovered in Flycatcher Toys smART Pixelator 2.0. Affected by this issue is some unknown functionality of the component Bluetooth Low Energy Interface. Performing a manipulation results in missing authentication. The attack can only be performed from the local network. The…

📅 Published: Feb. 6, 2026, 8:02 p.m. 🔄 Last Modified: April 17, 2026, 10:30 p.m.

7.1

CVSS3.1

CVE-2026-25640 - Pydantic AI affected by Stored XSS via Path Traversal in Web UI CDN URL

Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 1.34.0 to before 1.51.0, a path traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL.…

📅 Published: Feb. 6, 2026, 8:01 p.m. 🔄 Last Modified: April 17, 2026, 10:30 p.m.