7.8
CVE-2026-25634 - iccDEV memcpy-param-overlap in CIccTagMultiProcessElement::Apply()
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to 2.3.1.4, SrcPixel and DestPixel stack buffers overlap in CIccTagMultiProcessElement::Apply() int IccTagMPE.cpp. This vulnerability is fixed in 2.3.1.β¦
7.8
CVE-2026-25731 - Calibre Affected by Arbitrary Code Execution via Server-Side Template Injection in Calibre HTML Expβ¦
calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index command-lβ¦
8.6
CVE-2026-25635 - calibre has a Path Traversal Leading to Arbitrary File Write and Potential Code Execution
calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows (haven't tested on other OS's), this can lead to Remote Code Execution by writing a payload to the Startupβ¦
8.2
CVE-2026-25636 - calibre has a Path Traversal Leading to Arbitrary File Corruption and Code Execution
calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vulnerability in Calibre's EPUB conversion allows a malicious EPUB file to corrupt arbitrary existing files writable by the Calibre process. During conversion, Calibre resolves CipherReference URI from META-INF/encryption.xml to aβ¦
5.3
CVE-2026-2065 - Flycatcher Toys smART Pixelator Bluetooth Low Energy missing authentication
A security flaw has been discovered in Flycatcher Toys smART Pixelator 2.0. Affected by this issue is some unknown functionality of the component Bluetooth Low Energy Interface. Performing a manipulation results in missing authentication. The attack can only be performed from the local network. Theβ¦
7.1
CVE-2026-25640 - Pydantic AI affected by Stored XSS via Path Traversal in Web UI CDN URL
Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 1.34.0 to before 1.51.0, a path traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL.β¦
10
CVE-2026-25586 - SandboxJS has a Sandbox Escape via Prototype Whitelist Bypass and Host Prototype Pollution
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, a sandbox escape is possible by shadowing hasOwnProperty on a sandbox object, which disables prototype whitelist enforcement in the property-access path. This permits direct access to __proto__ and other blocked prototype properties, enβ¦
10
CVE-2026-25520 - SandboxJS has a Sandbox Escape
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, The return values of functions aren't wrapped. Object.values/Object.entries can be used to get an Array containing the host's Function constructor, by using Array.prototype.at you can obtain the hosts Function constructor, which can be β¦
10
CVE-2026-25587 - SandboxJS has a Sandbox Escape
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, as Map is in SAFE_PROTOYPES, it's prototype can be obtained via Map.prototype. By overwriting Map.prototype.has the sandbox can be escaped. This vulnerability is fixed in 0.8.29.
10
CVE-2026-25641 - SandboxJS has a sandbox escape via TOCTOU bug on keys in property accesses
SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, there is a sandbox escape vulnerability due to a mismatch between the key on which the validation is performed and the key used for accessing properties. Even though the key used in property accesses is annotated as string, this is neveβ¦